Tuesday, 17 January 2017

Getting Qualys asset scan information via PowerShell

Content moved (15/May/2018)

This blog post has been migrated to https://www.tras2.co.uk/2017/01/17/getting-qualys-asset-scan-information-via-powershell/



7 comments:

  1. Very useful, crossing posting to Qualys community!

    ReplyDelete
  2. So if I wanted to use this to collect a different set of data, would I just change the QID? Is there a way for me to get Vulnerability and severity levels from this? Sorry.. I'm fairly new to Powershell.

    ReplyDelete
    Replies
    1. Hi, thnaks for your comment. Yes, if you change the QID, you would get the results for that QID. The PowerShell after that would be different to parse the result into a form you wanted.

      The vulnerability and severity levels are included in the response. For example, I used QID 105689 (EOL/Obsolete Software: Microsoft VC++ 2005 Detected) which returned the following elements:-
      <TYPE>Confirmed</TYPE>
      <SEVERITY>5</SEVERITY>


      Hope this helps

      Delete
  3. Thanks very much for your post.

    I found that using the CSV type may be easier to parse. Simply change the `output_type=XML` to `output_type=CSV` and then its already pre-formatted to parse. I used the following code, and apologies if this doesn't format correctly:

    $content = $HttpResponse.Content
    $lines = $content | select-string RESPONSE_BODY_CSV | select -ExpandProperty LineNumber
    $csv = content | select -Skip $lines[0] -First ($lines[2] - $lines[1] - 1) | Out-String | ConvertFrom-Csv

    # Provide optional filtering if required
    # $csv | ConvertFrom-QualysRecord
    $csv

    ReplyDelete
    Replies
    1. Amended script, as I had my array references incorrect:

      $content = $HttpResponse.Content

      # The 'CSV' has marker lines, so extract the body
      $lines = $content | select-string RESPONSE_BODY_CSV | select -ExpandProperty LineNumber

      # The lines above mark the beginning ($lines[0]) and end ($lines[1]) of the content
      $csv = content | select -Skip $lines[0] -First ($lines[1] - $lines[0] - 1) | Out-String | ConvertFrom-Csv

      # Provide optional filtering if required
      # $csv | ConvertFrom-QualysRecord
      $csv

      Delete
    2. Thanks for your comment. I'd overlooked CSV as a format, i'll see if I can make any of my scripts simpler in the future by using that format

      Delete