Consolidates and optimizes the rescanning of VITs and IPs, through the use of Qualys API Requests and automatic ServiceNow webpage redirects.
Python version: Python 3.11.5
Go to Releases on the right hand side pane in this repository and download the .exe
If instead you want to run the code via the .py file then download and import the requirements.txt
Upon your first time running the program it will create a config folder and crash
This error message will ask the user to update the default configuration settings
To do this go into the config/config.json
file and update the API_KEY
, QUALYS_PLATFORM
, LOGIN_URL
, SNOW_URL
, and SCANNER_APPLIANCE
- Login to Qualys on your browser, as some buttons open up Qualys webpages
ClickLogin to Qualys
for easy login - Copy your email (you can go and cherry pick the VITs or just
Ctrl + a
->Ctrl + c
) - Paste into textbox that says "Paste email's contents here"
- Click
Look up VIT(s)
The VIT detections table will open, if you get a logout webpage just close that tab then reclickLook up VIT(s)
Ctrl + a
->Ctrl + c
the ENTIRE VIT detections table- Paste into textbox where you pasted the email
- Click
Look up QID(s) and IP(s)
TheVIT(s)
,QID(s)
, andIP(s)
lists should populate
In your browser the QIDs table will open, showcasing which QIDs from the VITs are Cloud Agent compatable
The Cloud Agent Manager in Qualys will also open, and in order to easily check if the devices in the VITs have a cloud agent, justCtrl + v
into the search bar!
The above step works because the Look up QID(s) and IP(s) button copies the IPs to your clipboard - Enter your scan title in the
Title:
field - Choose your scan type in the
Scan type:
field - Click
Launch scan
The application will freeze as the request gets processed, then the Scan History in Qualys will open in the browser, showcasing the scan being launched - After scan finishes click
Get VITs to close
This opens up the VIT table in SNOW and showcases all the VITs that now read as FIXED in Qualys
NOTE: THERE MIGHT BE SOME LAG BETWEEN THE SCAN FINISHING AND THE RESULTS BEING UPDATED IN THE VMDR SO ALWAYS DOUBLE CHECK IF SOMETHING SEEMS WRONG - Enjoy : )
Button name | Button function |
---|---|
Look up VIT(s) | - Uses REGEX to extract VITs from an email - Then opens detection table where VITs match |
Look up QID(s) and IP(s) | - Populates VIT(s) , QID(s) , and IP(s) lists- Opens a list of cloud agent compatible QIDs - Opens Qualys' Cloud Agent Manager - Copies IPs to clipboard |
Login to Qualys | - Opens SSO login to Qualys |
Open VMDR | - Pulls from the current QID(s) and IP(s) and queries the VMDR in your default browser |
Email copy paste | - Copies the text "VIT(s) closed, vulnerabilities have been fixed according to rescan." to the clipboard |
Get VITs to close | - Pulls from VIT(s) , QID(s) , and IP(s) and queries the VMDR for FIXED vulnerabilities- Opens up a pop up window and a table in SNOW showing which VITs can be closed |
- Sometimes all you have to scan is an IP and not a list of VITs
In these scenerios you'll want to go to the text box under theIP(s)
list and click theAdd
button
In theory if you paste all the IPs in the format "ip1, ip2, ip3, ..." then clickAdd
the scan should still work however I'd recommend just adding them one by one - The
Copy
button under all these lists allow for easy copying and pasting of the entire list
Note: copying is in format entry1, entry2, entry3, ...
Type | Fields Required |
---|---|
Custom QID(s) | Title , QID(s) , and IP(s) |
Internal Default | Title and IP(s) |
Dead Host | Title and IP(s) |