Consolidates and optimizes the rescanning of VITs and IPs, through the use of Qualys API Requests and automatic ServiceNow webpage redirects.
Python version: Python 3.11.5
Go to Releases on the right hand side pane in this repository and download the .exe
If instead you want to run the code via the .py file then follow the steps below:
- Download the .zip file and extract
- To install the required libaries navigate to the directory of requirements.txt and run
pip install -r requirements.txt
Upon your first time running the program it will create a config folder in your appdata
To change your configurations click the black button with the gear icon at the top right of the screen and then apply changes
Finally change the Scan type: settings by clicking the purple gear icon to the right of the drop down
- Login to Qualys on your browser, as some buttons open up Qualys webpages
ClickLogin to Qualysfor easy login - Copy your email (you can go and cherry pick the VITs or just
Ctrl + a->Ctrl + c) - Paste into textbox that says "Paste email's contents here"
- Click
Look up VIT(s)
The VIT detections table will open, if you get a logout webpage just close that tab then reclickLook up VIT(s)- Be sure Status is the FIRST column in your configuration, and Integration run is the LAST column
Ctrl + a->Ctrl + cthe ENTIRE VIT detections table- Paste into textbox where you pasted the email
- Click
Look up QID(s) and IP(s)
TheVIT(s),QID(s), andIP(s)lists should populate
In your browser the QIDs table will open, showcasing which QIDs from the VITs are Cloud Agent compatable
The Cloud Agent Manager in Qualys will also open, and in order to easily check if the devices in the VITs have a cloud agent, justCtrl + vinto the search bar!
The above step works because the Look up QID(s) and IP(s) button copies the CIs to your clipboard - Enter your scan title in the
Title:field - Choose your scan type in the
Scan type:field - Click
Launch scan
The application will freeze as the request gets processed, then the Scan History in Qualys will open in the browser, showcasing the scan being launched - After scan finishes click
Get VITs to close
This opens up the VIT table in SNOW and showcases all the VITs that now read as FIXED in Qualys
NOTE: THERE MIGHT BE SOME LAG BETWEEN THE SCAN FINISHING AND THE RESULTS BEING UPDATED IN THE VMDR SO ALWAYS DOUBLE CHECK IF SOMETHING SEEMS WRONG - Enjoy : )
| Button name | Button function |
|---|---|
| Look up VIT(s) | - Uses REGEX to extract VITs from an email - Then opens detection table where VITs match |
| Look up QID(s) and IP(s) | - Populates VIT(s), QID(s), and IP(s) lists- Opens a list of cloud agent compatible QIDs - Opens Qualys' Cloud Agent Manager - Copies CIs to clipboard |
| Login to Qualys | - Opens SSO login to Qualys |
| Open VMDR | - Pulls from the current QID(s) and IP(s) and queries the VMDR in your default browser |
| Email copy paste | - Copies the text "VIT(s) closed, vulnerabilities have been fixed according to rescan." to the clipboard |
| Get VITs to close | - Pulls from VIT(s), QID(s), and IP(s) and queries the VMDR for FIXED vulnerabilities- Opens up a pop up window and a table in SNOW showing which VITs can be closed |
- Sometimes all you have to scan is an IP and not a list of VITs
In these scenerios you'll want to go to the text box under theIP(s)list and click theAddbutton
In theory if you paste all the IPs in the format "ip1, ip2, ip3, ..." then clickAddthe scan should still work however I'd recommend just adding them one by one - The
Copybutton under all these lists allow for easy copying and pasting of the entire list
Note: copying is in format entry1, entry2, entry3, ...
| Search List ID | Fields Required |
|---|---|
not NULL |
Title, QID(s), and IP(s) |
NULL |
Title and IP(s) |