Knowing the Nodes
Click here to see this page in full context


Knowing the Nodes

Qualys Flow categorizes nodes based on the type of function they perform.
To access the nodes,

1. Log in to your Qualys Flow account.

2. Go to the Editor tab and click the explore nodes icon located at the top left corner of the Editor window.

The Explore Nodes pop-up window is displayed.

To know the function of these nodes, refer to the following table.

Node

Function

Trigger

By default, is the first node present in the editor for any QFlow. The trigger can be time-based, AWS event-based, manual, or TotalCloud . 

  • Schedule: Use this option to trigger the QFlow at specific times.

  • Manual: Use this option to trigger the QFlow at any instance of time by clicking the Run Now button. By default, the trigger is set to manual.

  • TotalCloud: Use this option to sync the trigger of the QFlow with the trigger of the CSPM connector. 

  • Event: Use this option to trigger the workflow in response to AWS cloud events and connector CRUD events. The Events trigger works when the rule is configured at the event bridge of your AWS account. 

AWS Nodes (Cloud-Specific Nodes)

AWS Resource

It fetches the resources that belong to a specific AWS service. The node can access all AWS services and resources available to you. For example, you can select the RDS service and use DB instances as a method in the AWS resource node to get metadata of RDS DB instances.

AWS Action

It performs the action you define on the selected resources; the actual automation is accomplished in this node. For example, after identifying the list of publicly available RDS DB instances, you can perform the action i.e. delete DB Instances.

 Azure Nodes (Cloud-Specific Nodes)

Azure Resource

It fetches the resources that belong to a specific Azure service. The node can access all Azure services and resources available to you. It fetches all the resources provided by Azure Software Development Kit (SDK) that belong to a specific Azure service.

Azure Action 

It performs the action you define on the selected resources; the actual automation is accomplished in this node. It performs all the actions that are part of Azure SDK defined in the selected resources.
GCP Nodes (Cloud-Specific Nodes)

GCP Resource

It fetches the resources that belong to a specific GCP service. The node can access all GCP services and resources available to you. For example, you can select the Google Compute Engine for service, Instances for resources, and the specific API that you want to execute (For example, List to get all the VM instances under Google Compute Engine)

GCP Action

It performs the action you define on the selected resources; the actual automation is accomplished in this node. The GCP Action node can perform any action that is available for a resource, in the GCP SDK.

General Nodes

Filter

It performs filtering of the resources based on a set of conditions. You can combine criteria using logical AND/OR conditions to filter this data. For example, you can filter publicly available RDS DB instances from all RDS DB instances using the Filter node. Use the following filters based on various fields:

  • Param: To filter the data based on metadata.

  • Date: To filter the data based on a date, like resources created in the last 30 days. 

  • Tags: To filter the data based on tags.

  • Security Group: To filter the data based on the security group.

  • Network ACLs: To filter the data based on Access Control lists.

  • Function: To filter the data based on functions. You can create functions using Java codes.

Report

It allows users to generate and download reports of the selected data in CSV or JSON format.

Custom

It is used to write scripts to create complex filters, customize the selected data, data transformation like XML to JSON, etc. It supports java script code, and some libraries of nodes.

HTTP

It makes HTTP(S) calls from a QFlow. This allows you to integrate the third-party application or service with an HTTP endpoint via API Calls. You can place the HTTP node anywhere in the QFlow. 

Workflow Trigger

It is used to trigger another workflow (QFlow) present within the QFlow application.
 

Data Formatter

It takes in the output of the previous node as input and allows to format it as per requirement. 

Data Joiner

It joins data from two previous nodes. 

TotalCloud 

It is the TotalCloud-specific node. When you want to use QFlow in the TotalCloud application, you need to add the TotalCloud node. 

RAW

It is an API node that allows you to call any API function supported by the cloud service platform and perform the action on the resources.
Loop It executes the defined process. It evaluates the exit expression or number of loops before determining to run again or move to the next node. This Loop node runs the defined process at least once, regardless of previous activities. You can select the number of loops from 1 and 10.
Large HTTP It allows you to integrate the third-party application with an HTTP endpoint. Large HTTP nodes can be used to call APIs that return a large amount of data.

 

Related Topics

Viewing your QFlows

Using QFlows in TotalCloud

Creating QFlows from Scratch

Creating QFlows from a Template