Tuesday, 17 January 2017

Getting Qualys asset scan information via PowerShell

We use Qualys Vulnerability Management at work to scan our assets for vulnerabilities.  I needed to identify which assets hadn't been scanned in a long time.  This could be done through the web interface by going to Assets->Asset Search and searching for assets with a Last Scan Date not within X days.  But I needed to work with the results in PowerShell for further automation tasks

The Qualys API is pretty will documented here (version 1) and here (version 2).  I'm going to use version 2 of the API as that's the latest supported version at time of writing

I'm also using PowerShell version 4 as that's what I've currently got installed on my workstation & automation server

First, lets setup some variables to hold our Qualys platform name & username/password details

Then we need to do some things to create the appropriate HTTP headers which the API expects, configure the number of hosts we want information back about and eventually use PowerShell's Invoke-WebRequest to make the API request

At this point, $HttpResponse is a HtmlWebResponseObject which has a property called 'Content'.  This contains the data the Qualys server sent to us following our request

The $HttpResponse.Content is a string which is difficult to work with.  However, as we requested Qualys to return the data in XML format, we should be able to convert the string to an XML object:-

And now we can work with the XML much easier.  We can loop round each host and create a PowerShell objects for each host with the scan data, properly formed as we would expect in PowerShell

$HostAssets now can be worked with in PowerShell for easy sorting/searching

If you find this useful, please let me know via the comments section below


EDIT 18/01/2016
The PowerShell code used in this post can be found here