Qualys command is part of Qualys module
fcpc qualys create-tag 'name'
fcpc qualys create-tag 'parent:child'
fcpc qualys delete-tag 'name'
fcpc qualys delete-tag '+id'
fcpc qualys tag-assets 'tag' 'host1' 'host2' ...
fcpc qualys tag-assets-with-tag 'tag' 'qtag'
fcpc qualys untag-assets 'tag' 'host1' ...
fcpc qualys tag-assets-by-query 'tag' query
It searches all qualyshost assets with corresponding tag and tag them back to qualys
fcpc qualys tag-assets-by-tag 'tag' 'prefix'
fcpc qualys import-assets file.xml [file2.xml] ...
fcpc qualys import-kb file.xml [file2.xml] ...
fcpc qualys import-patchreport file.xml [file2.xml] ...
fcpc qualys download-assets
fcpc qualys download-kb [filename]
You need to define --qualys.patchreport.name in fcplib.ini or add parameter to this command
fcpc qualys download-patchreport filename
fcpc qualys download-accounts
fcpc qyalys import-accounts
fcpc qualys add-ips-to-ag ag ip [ip]
fcpc qualys del-ips-from-ag ag ip [ip]
fcpc qualys update-ag-by-query query
fcpc qualys del-assets asset1 [asset2] ...
fcpc qualys del-assets query
fcpc --qualys.appliance=app1 qualys launch-map-scan-on-domain "title" domain1,domain2,....
fcpc --qualys.appliance=app1 qualys launch-map-scan-on-asset-group "title" ag1,ag2,....
fcpc qualys vulnerability-trending "qid1,qid2,qid3,..." how_many_days_back
usage: fcpc qualys [-h] [--qualys.apihost QUALYS.APIHOST] [--qualys.patchreport.xml QUALYS.PATCHREPORT.XML]
[--qualys.assets.xml QUALYS.ASSETS.XML] [--qualys.kb.xml QUALYS.KB.XML]
[--qualys.accounts.xml QUALYS.ACCOUNTS.XML] [--qualys.map.xml QUALYS.MAP.XML]
[--qualys.apiuser QUALYS.APIUSER] [--qualys.patchreport.name QUALYS.PATCHREPORT.NAME]
[--qualys.scan.name QUALYS.SCAN.NAME] [--qualys.apipassword QUALYS.APIPASSWORD]
[--qualys.apipagesize QUALYS.APIPAGESIZE] [--qualys.kbapipagesize QUALYS.KBAPIPAGESIZE]
[--qualys.tag.description QUALYS.TAG.DESCRIPTION] [--qualys.index.software QUALYS.INDEX.SOFTWARE]
[--qualys.index.onlytag.software tag] [--qualys.tag.map QUALYS.TAG.MAP]
[--qualys.index.vulnerabilities QUALYS.INDEX.VULNERABILITIES]
[--qualys.index.cves QUALYS.INDEX.CVES] [--qualys.index.missingvulns QUALYS.INDEX.MISSINGVULNS]
[--qualys.index.map QUALYS.INDEX.MAP] [--qualys.index.l4interfaces QUALYS.INDEX.L4INTERFACES]
[--qualys.index.onlytag.l4interfaces tag] [--qualys.index.l2interfaces QUALYS.INDEX.L2INTERFACES]
[--qualys.index.onlytag.l2interfaces tag] [--qualys.index.l3interfaces QUALYS.INDEX.L3INTERFACES]
[--qualys.index.onlytag.l3interfaces tag] [--qualys.agnew.enable_pc QUALYS.AGNEW.ENABLE_PC]
[--qualys.agnew.enable_certview QUALYS.AGNEW.ENABLE_CERTVIEW]
[--qualys.agnew.enable_sca QUALYS.AGNEW.ENABLE_SCA]
[--qualys.tag.ignore_missing QUALYS.TAG.IGNORE_MISSING]
[--qualys.tag.ignore_multiple QUALYS.TAG.IGNORE_MULTIPLE]
[--qualys.del.ignore_missing QUALYS.DEL.IGNORE_MISSING]
[--qualys.del.ignore_multiple QUALYS.DEL.IGNORE_MULTIPLE] [--qualys.dry QUALYS.DRY]
[--qualys.retry.count QUALYS.RETRY.COUNT] [--qualys.retry.sleep QUALYS.RETRY.SLEEP]
[--qualys.appliance QUALYS.APPLIANCE] [--qualys.inactive.asset QUALYS.INACTIVE.ASSET]
[--qualys.untag.assets QUALYS.UNTAG.ASSETS] [--qualys.update.vulns QUALYS.UPDATE.VULNS]
[--qualys.report.lastepoch str] [--qualys.report.query.vuln_critical str]
[--qualys.report.query.vuln str] [--qualys.deduplicate.prefix str] [--qualys.asset.tag str]
[--qualys.vulnerability_trending.filename str]
{create-tag,delete-tag,search-tag,tag-assets,tag-assets-with-tag,tag-assets-by-query,tag-assets-by-tag,untag-assets,untag-assets-by-query,import-assets,import-patchreport,import-kb,download-assets,download-patchreport,download-kb,download-accounts,import-accounts,download-and-import-all,import-all,update-ag-by-query,add-ips-to-ag,del-ips-from-ag,del-assets,del-assets-by-query,list-scans,list-maps,download-map,download-scan,import-map,import-scan,launch-map-scan-on-domain,launch-map-scan-on-asset-group,vulnerability-trending}
[qobjects ...]
positional arguments:
{create-tag,delete-tag,search-tag,tag-assets,tag-assets-with-tag,tag-assets-by-query,tag-assets-by-tag,untag-assets,untag-assets-by-query,import-assets,import-patchreport,import-kb,download-assets,download-patchreport,download-kb,download-accounts,import-accounts,download-and-import-all,import-all,update-ag-by-query,add-ips-to-ag,del-ips-from-ag,del-assets,del-assets-by-query,list-scans,list-maps,download-map,download-scan,import-map,import-scan,launch-map-scan-on-domain,launch-map-scan-on-asset-group,vulnerability-trending}
Choices:
create-tag
delete-tag
search-tag
tag-assets
tag-assets-with-tag
tag-assets-by-query
tag-assets-by-tag
untag-assets
untag-assets-by-query
import-assets
import-patchreport
import-kb
download-assets
download-patchreport
download-kb
download-accounts
import-accounts
download-and-import-all
import-all
update-ag-by-query
add-ips-to-ag
del-ips-from-ag
del-assets
del-assets-by-query
list-scans
list-maps
download-map
download-scan
import-map
import-scan
launch-map-scan-on-domain
launch-map-scan-on-asset-group
vulnerability-trending
qobjects
optional arguments:
-h, --help show this help message and exit
--qualys.apihost QUALYS.APIHOST
Qualys FQDN API[Defined:fcplib.module.qualys.cmd] (default: None)
--qualys.patchreport.xml QUALYS.PATCHREPORT.XML
Name of patch file. Default patchreport.xml[Defined:fcplib.module.qualys.cmd] (default:
patchreport.xml)
--qualys.assets.xml QUALYS.ASSETS.XML
Name of assets file. Default assets.xml[Defined:fcplib.module.qualys.cmd] (default:
assets.xml)
--qualys.kb.xml QUALYS.KB.XML
Name of assets file. Default kb.xml[Defined:fcplib.module.qualys.cmd] (default: kb.xml)
--qualys.accounts.xml QUALYS.ACCOUNTS.XML
Name of accounts file. Default accounts.xml[Defined:fcplib.module.qualys.cmd] (default:
accounts.xml)
--qualys.map.xml QUALYS.MAP.XML
Name of map file. Default map ID[Defined:fcplib.module.qualys.cmd] (default: None)
--qualys.apiuser QUALYS.APIUSER
Qualys username for login[Defined:fcplib.module.qualys.cmd] (default: None)
--qualys.patchreport.name QUALYS.PATCHREPORT.NAME
Qualys patchreport name to download[Defined:fcplib.module.qualys.cmd] (default: Patchable
Vulnerabilities)
--qualys.scan.name QUALYS.SCAN.NAME
Qualys scan name to download[Defined:fcplib.module.qualys.cmd] (default: None)
--qualys.apipassword QUALYS.APIPASSWORD
Qualys password for login[Defined:fcplib.module.qualys.cmd] (default: None)
--qualys.apipagesize QUALYS.APIPAGESIZE
Number of assets which will be downloaded by api call.[Defined:fcplib.module.qualys.cmd]
(default: 1000)
--qualys.kbapipagesize QUALYS.KBAPIPAGESIZE
Number of vulnerabilities which will be downloaded by api
call.[Defined:fcplib.module.qualys.cmd] (default: 100)
--qualys.tag.description QUALYS.TAG.DESCRIPTION
Not usable now.[Defined:fcplib.module.qualys.cmd] (default: None)
--qualys.index.software QUALYS.INDEX.SOFTWARE
If it is set to 1, import-assets will import also Softwares on assets. Default is
1.[Defined:fcplib.module.qualys.cmd] (default: 1)
--qualys.index.onlytag.software tag
If set, will import only software of assets with this tag.[Defined:fcplib.module.qualys.cmd]
(default: None)
--qualys.tag.map QUALYS.TAG.MAP
Map tags between qualys and platform. Format:
qualystag=platformtag[Defined:fcplib.module.qualys.cmd] (default: [])
--qualys.index.vulnerabilities QUALYS.INDEX.VULNERABILITIES
If it is set to 1, import-assets will import also vulnerabilities on assets. Default is
1.[Defined:fcplib.module.qualys.cmd] (default: 1)
--qualys.index.cves QUALYS.INDEX.CVES
If it is set to 1, import-kb will import also Cve. Default is
1.[Defined:fcplib.module.qualys.cmd] (default: 1)
--qualys.index.missingvulns QUALYS.INDEX.MISSINGVULNS
0 - will not import missing vulnerabilities from patchreport, 1 - import missing
vulnerabilities[Defined:fcplib.module.qualys.cmd] (default: 1)
--qualys.index.map QUALYS.INDEX.MAP
If it is set to 1, maps from Qualys will be indexed. Default is
1.[Defined:fcplib.module.qualys.cmd] (default: 1)
--qualys.index.l4interfaces QUALYS.INDEX.L4INTERFACES
If it is set to 1, import-assets will import also OpenPorts(L4 interfaces) on
assets.[Defined:fcplib.module.qualys.cmd] (default: 1)
--qualys.index.onlytag.l4interfaces tag
If set, will import only l4 interfaces of assets with this
tag.[Defined:fcplib.module.qualys.cmd] (default: None)
--qualys.index.l2interfaces QUALYS.INDEX.L2INTERFACES
If it is set to 1, import-assets will import also asset L2
interfaces.[Defined:fcplib.module.qualys.cmd] (default: 0)
--qualys.index.onlytag.l2interfaces tag
If set, will import only l2 interfaces of assets with this
tag.[Defined:fcplib.module.qualys.cmd] (default: None)
--qualys.index.l3interfaces QUALYS.INDEX.L3INTERFACES
If it is set to 1, import-assets will import also asset L3
interfaces.[Defined:fcplib.module.qualys.cmd] (default: 1)
--qualys.index.onlytag.l3interfaces tag
If set, will import only l3 interfaces of assets with this
tag.[Defined:fcplib.module.qualys.cmd] (default: None)
--qualys.agnew.enable_pc QUALYS.AGNEW.ENABLE_PC
If it is set to 1, adding IP to asset group will enable PC.[Defined:fcplib.module.qualys.cmd]
(default: 1)
--qualys.agnew.enable_certview QUALYS.AGNEW.ENABLE_CERTVIEW
If it is set to 1, adding IP to asset group will enable
Certview.[Defined:fcplib.module.qualys.cmd] (default: 0)
--qualys.agnew.enable_sca QUALYS.AGNEW.ENABLE_SCA
If it is set to 1, adding IP to asset group will enable SCA.[Defined:fcplib.module.qualys.cmd]
(default: 0)
--qualys.tag.ignore_missing QUALYS.TAG.IGNORE_MISSING
If it is set to 1, tagging hosts will ignore if host does not
exists.[Defined:fcplib.module.qualys.cmd] (default: 0)
--qualys.tag.ignore_multiple QUALYS.TAG.IGNORE_MULTIPLE
If it is set to 1, tagging hosts will ignore if hostname is multiplied in
qualys.[Defined:fcplib.module.qualys.cmd] (default: 0)
--qualys.del.ignore_missing QUALYS.DEL.IGNORE_MISSING
If it is set to 1, deleting hosts will ignore if host does not
exists.[Defined:fcplib.module.qualys.cmd] (default: 0)
--qualys.del.ignore_multiple QUALYS.DEL.IGNORE_MULTIPLE
If it is set to 1, deleting hosts will ignore if hostname is multiplied in
qualys.[Defined:fcplib.module.qualys.cmd] (default: 0)
--qualys.dry QUALYS.DRY
Do nothing in qualys (add ip, add ips to asset group...)[Defined:fcplib.module.qualys.cmd]
(default: 0)
--qualys.retry.count QUALYS.RETRY.COUNT
How many time to try to retry on Qualys API error[Defined:fcplib.module.qualys.cmd] (default:
5)
--qualys.retry.sleep QUALYS.RETRY.SLEEP
How many seconds to sleep after Qualys API error[Defined:fcplib.module.qualys.cmd] (default:
60)
--qualys.appliance QUALYS.APPLIANCE
Qualys appliance name for scans[Defined:fcplib.module.qualys.cmd] (default: None)
--qualys.inactive.asset QUALYS.INACTIVE.ASSET
Determine which assets is inactive (how long it was not
scanned)[Defined:fcplib.module.qualys.cmd] (default: 7)
--qualys.untag.assets QUALYS.UNTAG.ASSETS
1 for untagging assets before tag-assets-with-tag, 0 disable[Defined:fcplib.module.qualys.cmd]
(default: 1)
--qualys.update.vulns QUALYS.UPDATE.VULNS
If it is set to 1, download-and-import-all will also update vulns. Default is
1.[Defined:fcplib.module.qualys.cmd] (default: 1)
--qualys.report.lastepoch str
Last epoch when report was run for diff queries[Defined:fcplib.module.qualys.cmd] (default:
{previous})
--qualys.report.query.vuln_critical str
Define query for critical vulnerabilities[Defined:fcplib.module.qualys.cmd] (default: (qrti:
*exploit_kit* OR qrti: *active_attacks*) AND severity: [3 TO 5])
--qualys.report.query.vuln str
Define query for vulnerabilities[Defined:fcplib.module.qualys.cmd] (default: severity: [3 TO
5] AND (tag: "qualys:vulnerability:confirmed" OR tag: "qualys:vulnerability:potential"))
--qualys.deduplicate.prefix str
Define prefix of tag to search for from assetlinker[Defined:fcplib.module.qualys.cmd]
(default: qualys)
--qualys.asset.tag str
Tag of assets which will be imported[Defined:fcplib.module.qualys.cmd] (default: None)
--qualys.vulnerability_trending.filename str
Name of vulnerability trending report file[Defined:fcplib.module.qualys.cmd] (default:
vulnerability_trending)