Additional Qualys Data Fields and Tokens for Template Customization
Aside from the custom fields for each ticketing schemes, you can also use the additional tokens for deeper customization of your ticketing templates. The available Tokens for each ticketing schemes are described below.
As of now WAS module does not support customizing the template with additional Qualys WAS fields.
Ticketing Scheme 1: Host Vulnerability Linking Ticket Scheme
| Issue Type | Field Name | Token | Field Type | Description |
|---|---|---|---|---|
| Vulnerable Host | Last VM Scanned Duration | ${LAST_VM_SCANNED _DURATION} |
Number | The scan duration (in seconds) for the most recent unauthenticated vulnerability scan on the asset. |
| Network ID | ${NETWORK_ID} | Number | ||
| DNS | ${DNS} | Text - single line | ||
| QG Host ID | ${QG_HOSTID} | Text - single line | The Qualys host ID assigned to the asset when Agentless Tracking is used or when a cloud agent is installed. | |
| Netbios | ${NETBIOS} | Text - single line | ||
| Vulnerability | Unique Value ID | ${UNIQUE_VULN_ID} | Number | The unique ID of the vulnerability detection. It distinguishes each vulnerability detection uniquely across different assets, ports, services, etc. |
| SSL | ${SSL} | Number | The value 1 is returned if the vulnerability was detected over SSL. The value 0 is returned if the vulnerability was not detected over SSL. | |
| Results | ${RESULTS} | Text - Multi line | ||
| First Found Datetime | ${FIRST_FOUND _DATETIME} | Text - single line | ||
| Last Found Datetime | ${LAST_FOUND _DATETIME} | Text - single line | ||
| Times Found | ${TIMES_FOUND} | Number | ||
| Last Test Datetime | ${LAST_TEST _DATETIME} | Text - single line | ||
| Last Update Datetime | ${LAST_UPDATE _DATETIME} | Text - single line | ||
| Last Fixed Datetime | ${LAST_FIXED _DATETIME} | Text - single line | ||
| Is Ignored | ${IS_IGNORED} | Number | Returns the Boolean value. A value of 1 means it is ignored, a value of 0 means it is not ignored. | |
| Is Disabled | ${IS_DISABLED} | Number | Returns the Boolean value. A value of 1 means it is disabled. A value of 0 means it is not disabled. | |
| Last Processed Datetime | ${LAST_PROCESSED _DATETIME} | Text - single line | ||
| Protocol | ${PROTOCOL} | Text - single line |
Ticketing Scheme 2: Per Detection Separate Ticket Scheme
| Issue Type | Field Name | Token | Field Type | Description |
|---|---|---|---|---|
| Host Vulnerability | Last VM Scanned Duration | ${LAST_VM_ SCANNED _DURATION} | Number | The scan duration (in seconds) for the most recent unauthenticated vulnerability scan on the asset. |
| Network ID | ${NETWORK_ID} | Number | ||
| DNS | ${DNS} | Text - single line | ||
| QG Host ID | ${QG_HOSTID} | Text - single line | The Qualys host ID assigned to the asset when Agentless Tracking is used or when a cloud agent is installed. | |
| Netbios | ${NETBIOS} | Text - single line | ||
| Unique Value ID | ${UNIQUE_VULN_ID} | Number | The unique ID of the vulnerability detection. It distinguishes each vulnerability detection uniquely across different assets, ports, services, etc. | |
| SSL | ${SSL} | Number | The value 1 is returned if the vulnerability was detected over SSL. The value 0 is returned if the vulnerability was not detected over SSL. | |
| Results | ${RESULTS} | Text - Multi line | ||
| First Found Datetime | ${FIRST_FOUND _DATETIME} | Text - single line | ||
| Last Found Datetime | ${LAST_FOUND _DATETIME} | Text - single line | ||
| Times Found | ${TIMES_FOUND} | Number | ||
| Last Test Datetime | ${LAST_TEST _DATETIME} | Text - single line | ||
| Last Update Datetime | ${LAST_UPDATE _DATETIME} | Text - single line | ||
| Last Fixed Datetime | ${LAST_FIXED _DATETIME} | Text - single line | ||
| Is Ignored | ${IS_IGNORED} | Number | Returns the Boolean value. A value of 1 means it is ignored, a value of 0 means it is not ignored. | |
| Is Disabled | ${IS_DISABLED} | Number | Returns the Boolean value. A value of 1 means it is disabled. A value of 0 means it is not disabled. | |
| Last Processed Datetime | ${LAST_PROCESSED _DATETIME} | Text - single line | ||
| Protocol | ${PROTOCOL} | Text - single line |
Ticketing Scheme 5: CS-Container-Link/Unlink Ticket Scheme
| Issue Type | Field Name | Token | Field Type | Description |
|---|---|---|---|---|
|
Link Vulnerable Container |
Cluster |
${cluster} |
Text Field (multi line) |
|
|
IsRoot |
${isRoot} |
Text Field (single line) |
||
|
Source |
${source} |
Text Field (single line) |
Shows the type of Sensor used. | |
|
Uuid |
${uuid} |
Text Field (single line) |
||
|
Path |
${path} |
Text Field (single line) |
||
|
ImageSHA |
${imageSha} |
Text Field (single line) |
||
|
Customer Uuid |
${customerUuid} |
Text Field (single line) |
||
|
IPV4 |
${ipv4} |
Text Field (single line) |
||
|
Imageuuid |
${imageUuid} |
Text Field (single line) |
||
|
State Changed |
${stateChanged} |
Text Field (single line) |
This is an additional token if used then the epoch time in API response might be use as is in Jira instance. hence the epoch time in API response might be use as is in Jira instance. You can use an online tool to convert the Unix timestamp into a human-readable date/time. For example, 1536134457859 converts to September 5, 2018 8:00:57.859 AM GMT. | |
| CS Link Vulnerability |
Results |
${vuln.result} |
Text Field (multi line) |
|
|
Last Found |
${vuln.lastFound} |
Text Field (single line) |
This is an additional token if used then the epoch time in API response might be use as is in Jira instance.. You can use an online tool to convert the Unix timestamp into a human-readable date/time. For example, 1536134457859 converts to September 5, 2018 8:00:57.859 AM GMT. | |
|
Vendor |
${vuln.vendor} |
Text Field (single line) |
||
|
Product |
${vuln.product} |
Text Field (single line) |
||
|
First Found |
${vuln.firstFound} |
Text Field (single line) |
This is an additional token if used then the epoch time in API response might be use as is in Jira instance.. You can use an online tool to convert the Unix timestamp into a human-readable date/time. For example, 1536134457859 converts to September 5, 2018 8:00:57.859 AM GMT. | |
|
QDS |
${vuln.risk} |
Number |
This is the score assigned to the respective Qualys detection. QDS range is 1-100. |
Ticketing Scheme 6: CS-Container-Sub-ticket Scheme
| Issue Type | Field Name | Token | Field Type | Description |
|---|---|---|---|---|
|
Vulnerable Container |
Cluster |
${cluster} |
Text Field (multi line) |
|
|
IsRoot |
${isRoot} |
Text Field (single line) |
||
|
Source |
${source} |
Text Field (single line) |
Shows the type of Sensor used. | |
|
Uuid |
${uuid} |
Text Field (single line) |
||
|
Path |
${path} |
Text Field (single line) |
||
|
ImageSHA |
${imageSha} |
Text Field (single line) |
||
|
Customer Uuid |
${customerUuid} |
Text Field (single line) |
||
|
IPV4 |
${ipv4} |
Text Field (single line) |
||
|
Imageuuid |
${imageUuid} |
Text Field (single line) |
||
|
State Changed |
${stateChanged} |
Text Field (single line) |
This is an additional token if used then the epoch time in API response might be use as is in Jira instance.. You can use an online tool to convert the Unix timestamp into a human-readable date/time. For example, 1536134457859 converts to September 5, 2018 8:00:57.859 AM GMT. | |
| Subticket Container Vulnerability | ||||
|
Results |
${vuln.result} |
Text Field (multi line) |
||
|
Last Found |
${vuln.lastFound} |
Text Field (single line) |
This is an additional token if used then the epoch time in API response might be use as is in Jira instance.. You can use an online tool to convert the Unix timestamp into a human-readable date/time. For example, 1536134457859 converts to September 5, 2018 8:00:57.859 AM GMT. | |
|
Vendor |
${vuln.vendor} |
Text Field (single line) |
||
|
Product |
${vuln.product} |
Text Field (single line) |
||
|
First Found |
${vuln.firstFound} |
Text Field (single line) |
This is an additional token if used then the epoch time in API response might be use as is in Jira instance.. You can use an online tool to convert the Unix timestamp into a human-readable date/time. For example, 1536134457859 converts to September 5, 2018 8:00:57.859 AM GMT. | |
|
QDS |
${vuln.risk} |
Number |
This is the score assigned to the respective Qualys detection. QDS range is 1-100. |
Ticketing Scheme 7: CS-Image-Link/Unlink Ticket Scheme
| Issue Type | Field Name | Token | Field Type | Description |
|---|---|---|---|---|
|
Link Vulnerable Image |
Uuid |
${uuid} |
Text Field (single line) |
|
|
Source |
${source} |
Text Field (single line) |
Shows the type of Sensor used. | |
|
Customer Uuid |
${customerUuid} |
Text Field (single line) |
||
|
Docker Version |
${dockerVersion} |
Text Field (single line) |
||
|
Architecture |
${architecture} |
Text Field (single line) |
||
|
Scan Status |
${scanStatus} |
Text Field (single line) |
||
|
Last Compliance Scanned |
${lastComplianceScanned} |
Text Field (single line) |
This is an additional token if used then the epoch time in API response might be use as is in Jira instance.. You can use an online tool to convert the Unix timestamp into a human-readable date/time. For example, 1536134457859 converts to September 5, 2018 8:00:57.859 AM GMT. | |
|
Size |
${size} |
Text Field (single line) |
||
|
Host Architecture |
${hostArchitecture} |
Text Field (single line) |
||
|
Link Image Vulnerability |
||||
|
Last Found |
${vuln.lastFound} |
Text Field (single line) |
This is an additional token if used then the epoch time in API response might be use as is in Jira instance.. You can use an online tool to convert the Unix timestamp into a human-readable date/time. For example, 1536134457859 converts to September 5, 2018 8:00:57.859 AM GMT. | |
|
First Found |
${vuln.firstFound} |
Text Field (single line) |
This is an additional token if used then the epoch time in API response might be use as is in Jira instance.. You can use an online tool to convert the Unix timestamp into a human-readable date/time. For example, 1536134457859 converts to September 5, 2018 8:00:57.859 AM GMT. | |
|
QDS |
${vuln.risk} |
Number |
This is the score assigned to the respective Qualys detection. QDS range is 1-100. | |
|
Title |
${vuln.title} |
Text Field (single line) |
||
|
Vendor |
${vuln.vendor} |
Text Field (single line) |
||
|
Product |
${vuln.product} |
Text Field (single line) |
Ticketing Scheme 8: CS-Image-Sub-ticket Scheme
| Issue Type | Field Name | Token | Field Type | Description | |
|---|---|---|---|---|---|
|
Vulnerable Image |
Uuid |
${uuid} |
Text Field (single line) |
||
|
Source |
${source} |
Text Field (single line) |
Shows the type of Sensor used. | ||
|
Customer Uuid |
${customerUuid} |
Text Field (single line) |
|||
|
Docker Version |
${dockerVersion} |
Text Field (single line) |
|||
|
Architecture |
${architecture} |
Text Field (single line) |
|||
|
Scan Status |
${scanStatus} |
Text Field (single line) |
|||
|
Last Compliance Scanned |
${lastComplianceScanned} |
Text Field (single line) |
This is an additional token if used then the epoch time in API response might be use as is in Jira instance.. You can use an online tool to convert the Unix timestamp into a human-readable date/time. For example, 1536134457859 converts to September 5, 2018 8:00:57.859 AM GMT. | ||
|
Size |
${size} |
Text Field (single line) |
|||
|
Host Architecture |
${hostArchitecture} |
Text Field (single line) |
|||
| Subticket Image Vulnreability |
Results |
${vuln.result} |
Text Field (multi line) |
||
|
Last Found |
${vuln.lastFound} |
Text Field (single line) |
This is an additional token if used then the epoch time in API response might be use as is in Jira instance.. You can use an online tool to convert the Unix timestamp into a human-readable date/time. For example, 1536134457859 converts to September 5, 2018 8:00:57.859 AM GMT. | ||
|
First Found |
${vuln.firstFound} |
Text Field (single line) |
This is an additional token if used then the epoch time in API response might be use as is in Jira instance.. You can use an online tool to convert the Unix timestamp into a human-readable date/time. For example, 1536134457859 converts to September 5, 2018 8:00:57.859 AM GMT. | ||
|
QDS |
${vuln.risk} |
Number |
This is the score assigned to the respective Qualys detection. QDS range is 1-100. | ||
|
Title |
${vuln.title} |
Text Field (single line) |
|||
|
Vendor |
${vuln.vendor} |
Text Field (single line) |
|||
|
Product |
${vuln.product} |
Text Field (single line) |
|||