usage: fcpc qualys [-h] [--qualys.apihost QUALYS.APIHOST]
[--qualys.patchreport.xml QUALYS.PATCHREPORT.XML]
[--qualys.assets.xml QUALYS.ASSETS.XML]
[--qualys.kb.xml QUALYS.KB.XML]
[--qualys.accounts.xml QUALYS.ACCOUNTS.XML]
[--qualys.map.xml QUALYS.MAP.XML]
[--qualys.apiuser QUALYS.APIUSER]
[--qualys.patchreport.name QUALYS.PATCHREPORT.NAME]
[--qualys.scan.name QUALYS.SCAN.NAME]
[--qualys.apipassword QUALYS.APIPASSWORD]
[--qualys.apipagesize QUALYS.APIPAGESIZE]
[--qualys.kbapipagesize QUALYS.KBAPIPAGESIZE]
[--qualys.tag.description QUALYS.TAG.DESCRIPTION]
[--qualys.index.software QUALYS.INDEX.SOFTWARE]
[--qualys.index.onlytag.software tag]
[--qualys.tag.map QUALYS.TAG.MAP]
[--qualys.index.vulnerabilities QUALYS.INDEX.VULNERABILITIES]
[--qualys.index.onlytag.assets tag]
[--qualys.index.cves QUALYS.INDEX.CVES]
[--qualys.index.map QUALYS.INDEX.MAP]
[--qualys.index.l4interfaces QUALYS.INDEX.L4INTERFACES]
[--qualys.index.onlytag.l4interfaces tag]
[--qualys.index.l2interfaces QUALYS.INDEX.L2INTERFACES]
[--qualys.index.onlytag.l2interfaces tag]
[--qualys.index.l3interfaces QUALYS.INDEX.L3INTERFACES]
[--qualys.index.onlytag.l3interfaces tag]
[--qualys.agnew.enable_pc QUALYS.AGNEW.ENABLE_PC]
[--qualys.agnew.enable_certview QUALYS.AGNEW.ENABLE_CERTVIEW]
[--qualys.agnew.enable_sca QUALYS.AGNEW.ENABLE_SCA]
[--qualys.tag.ignore_missing QUALYS.TAG.IGNORE_MISSING]
[--qualys.tag.ignore_multiple QUALYS.TAG.IGNORE_MULTIPLE]
[--qualys.del.ignore_missing QUALYS.DEL.IGNORE_MISSING]
[--qualys.del.ignore_multiple QUALYS.DEL.IGNORE_MULTIPLE]
[--qualys.dry QUALYS.DRY]
[--qualys.retry.count QUALYS.RETRY.COUNT]
[--qualys.retry.sleep QUALYS.RETRY.SLEEP]
[--qualys.appliance QUALYS.APPLIANCE]
[--qualys.inactive.asset QUALYS.INACTIVE.ASSET]
[--qualys.untag.assets QUALYS.UNTAG.ASSETS]
[--qualys.index.kb QUALYS.INDEX.KB]
[--qualys.index.patches QUALYS.INDEX.PATCHES]
[--qualys.report.lastepoch str]
[--qualys.report.query.vuln_critical str]
[--qualys.report.query.vuln str]
[--qualys.deduplicate.prefix str] [--qualys.asset.tag str]
[--qualys.vulnerability_trending.filename str]
[--qualys.tag.ruletype str]
[--qualys.activationkey.type str]
[--qualys.activationkey.limit str]
[--qualys.activationkey.expiredate str]
[--qualys.activationkey.modules str]
[--qualys.activationkey.tags str]
[--qualys.tag.criticality str]
{create-tag,delete-tag,search-tag,tag-assets,tag-assets-with-tag,tag-assets-by-query,tag-assets-by-tag,untag-assets,untag-assets-by-query,import-assets,import-patchreport,import-kb,download-assets,download-patchreport,download-kb,download-accounts,import-accounts,download-and-import-all,import-all,update-ag-by-query,add-ips-to-ag,del-ips-from-ag,del-assets,del-assets-by-query,search-assets,count-assets,list-scans,list-maps,download-map,download-scan,import-map,import-scan,launch-map-scan-on-domain,launch-map-scan-on-asset-group,vulnerability-trending,create-key}
[qobjects ...]
positional arguments:
{create-tag,delete-tag,search-tag,tag-assets,tag-assets-with-tag,tag-assets-by-query,tag-assets-by-tag,untag-assets,untag-assets-by-query,import-assets,import-patchreport,import-kb,download-assets,download-patchreport,download-kb,download-accounts,import-accounts,download-and-import-all,import-all,update-ag-by-query,add-ips-to-ag,del-ips-from-ag,del-assets,del-assets-by-query,search-assets,count-assets,list-scans,list-maps,download-map,download-scan,import-map,import-scan,launch-map-scan-on-domain,launch-map-scan-on-asset-group,vulnerability-trending,create-key}
Choices:
create-tag
delete-tag
search-tag
tag-assets
tag-assets-with-tag
tag-assets-by-query
tag-assets-by-tag
untag-assets
untag-assets-by-query
import-assets
import-patchreport
import-kb
download-assets
download-patchreport
download-kb
download-accounts
import-accounts
download-and-import-all
import-all
update-ag-by-query
add-ips-to-ag
del-ips-from-ag
del-assets
del-assets-by-query
search-assets
count-assets
list-scans
list-maps
download-map
download-scan
import-map
import-scan
launch-map-scan-on-domain
launch-map-scan-on-asset-group
vulnerability-trending
create-key
qobjects
optional arguments:
-h, --help show this help message and exit
--qualys.apihost QUALYS.APIHOST
Qualys FQDN API[Defined:fcplib.module.qualys.cmd]
(default: None)
--qualys.patchreport.xml QUALYS.PATCHREPORT.XML
Name of patch file. Default
patchreport.xml[Defined:fcplib.module.qualys.cmd]
(default: patchreport.xml)
--qualys.assets.xml QUALYS.ASSETS.XML
Name of assets file. Default
assets.xml[Defined:fcplib.module.qualys.cmd] (default:
assets.xml)
--qualys.kb.xml QUALYS.KB.XML
Name of assets file. Default
kb.xml[Defined:fcplib.module.qualys.cmd] (default:
kb.xml)
--qualys.accounts.xml QUALYS.ACCOUNTS.XML
Name of accounts file. Default
accounts.xml[Defined:fcplib.module.qualys.cmd]
(default: accounts.xml)
--qualys.map.xml QUALYS.MAP.XML
Name of map file. Default map
ID[Defined:fcplib.module.qualys.cmd] (default: None)
--qualys.apiuser QUALYS.APIUSER
Qualys username for
login[Defined:fcplib.module.qualys.cmd] (default:
None)
--qualys.patchreport.name QUALYS.PATCHREPORT.NAME
Qualys patchreport name to
download[Defined:fcplib.module.qualys.cmd] (default:
Patchable Vulnerabilities)
--qualys.scan.name QUALYS.SCAN.NAME
Qualys scan name to
download[Defined:fcplib.module.qualys.cmd] (default:
None)
--qualys.apipassword QUALYS.APIPASSWORD
Qualys password for
login[Defined:fcplib.module.qualys.cmd] (default:
None)
--qualys.apipagesize QUALYS.APIPAGESIZE
Number of assets which will be downloaded by api
call.[Defined:fcplib.module.qualys.cmd] (default:
1000)
--qualys.kbapipagesize QUALYS.KBAPIPAGESIZE
Number of vulnerabilities which will be downloaded by
api call.[Defined:fcplib.module.qualys.cmd] (default:
100)
--qualys.tag.description QUALYS.TAG.DESCRIPTION
Not usable now.[Defined:fcplib.module.qualys.cmd]
(default: None)
--qualys.index.software QUALYS.INDEX.SOFTWARE
If it is set to 1, import-assets will import also
Softwares on assets. Default is
1.[Defined:fcplib.module.qualys.cmd] (default: 1)
--qualys.index.onlytag.software tag
If set, will import only software of assets with this
tag.[Defined:fcplib.module.qualys.cmd] (default: None)
--qualys.tag.map QUALYS.TAG.MAP
Map tags between qualys and platform. Format:
qualystag=platformtag - map simple tag
qualystag:*=platformtag/ - map all subtags within
qualys to value tag qualystag:*=platformtag= - map all
subtags within qualys to unique
tag[Defined:fcplib.module.qualys.cmd] (default: [])
--qualys.index.vulnerabilities QUALYS.INDEX.VULNERABILITIES
If it is set to 1, import-assets will import also
vulnerabilities on assets. Default is
1.[Defined:fcplib.module.qualys.cmd] (default: 1)
--qualys.index.onlytag.assets tag
If set, will import only assets of assets with this
tag.[Defined:fcplib.module.qualys.cmd] (default: None)
--qualys.index.cves QUALYS.INDEX.CVES
If it is set to 1, import-kb will import also Cve.
Default is 1.[Defined:fcplib.module.qualys.cmd]
(default: 1)
--qualys.index.map QUALYS.INDEX.MAP
If it is set to 1, maps from Qualys will be indexed.
Default is 1.[Defined:fcplib.module.qualys.cmd]
(default: 1)
--qualys.index.l4interfaces QUALYS.INDEX.L4INTERFACES
If it is set to 1, import-assets will import also
OpenPorts(L4 interfaces) on
assets.[Defined:fcplib.module.qualys.cmd] (default: 1)
--qualys.index.onlytag.l4interfaces tag
If set, will import only l4 interfaces of assets with
this tag.[Defined:fcplib.module.qualys.cmd] (default:
None)
--qualys.index.l2interfaces QUALYS.INDEX.L2INTERFACES
If it is set to 1, import-assets will import also
asset L2 interfaces.[Defined:fcplib.module.qualys.cmd]
(default: 0)
--qualys.index.onlytag.l2interfaces tag
If set, will import only l2 interfaces of assets with
this tag.[Defined:fcplib.module.qualys.cmd] (default:
None)
--qualys.index.l3interfaces QUALYS.INDEX.L3INTERFACES
If it is set to 1, import-assets will import also
asset L3 interfaces.[Defined:fcplib.module.qualys.cmd]
(default: 1)
--qualys.index.onlytag.l3interfaces tag
If set, will import only l3 interfaces of assets with
this tag.[Defined:fcplib.module.qualys.cmd] (default:
None)
--qualys.agnew.enable_pc QUALYS.AGNEW.ENABLE_PC
If it is set to 1, adding IP to asset group will
enable PC.[Defined:fcplib.module.qualys.cmd] (default:
1)
--qualys.agnew.enable_certview QUALYS.AGNEW.ENABLE_CERTVIEW
If it is set to 1, adding IP to asset group will
enable Certview.[Defined:fcplib.module.qualys.cmd]
(default: 0)
--qualys.agnew.enable_sca QUALYS.AGNEW.ENABLE_SCA
If it is set to 1, adding IP to asset group will
enable SCA.[Defined:fcplib.module.qualys.cmd]
(default: 0)
--qualys.tag.ignore_missing QUALYS.TAG.IGNORE_MISSING
If it is set to 1, tagging hosts will ignore if host
does not exists.[Defined:fcplib.module.qualys.cmd]
(default: 0)
--qualys.tag.ignore_multiple QUALYS.TAG.IGNORE_MULTIPLE
If it is set to 1, tagging hosts will ignore if
hostname is multiplied in
qualys.[Defined:fcplib.module.qualys.cmd] (default: 0)
--qualys.del.ignore_missing QUALYS.DEL.IGNORE_MISSING
If it is set to 1, deleting hosts will ignore if host
does not exists.[Defined:fcplib.module.qualys.cmd]
(default: 0)
--qualys.del.ignore_multiple QUALYS.DEL.IGNORE_MULTIPLE
If it is set to 1, deleting hosts will ignore if
hostname is multiplied in
qualys.[Defined:fcplib.module.qualys.cmd] (default: 0)
--qualys.dry QUALYS.DRY
Do nothing in qualys (add ip, add ips to asset
group...)[Defined:fcplib.module.qualys.cmd] (default:
0)
--qualys.retry.count QUALYS.RETRY.COUNT
How many time to try to retry on Qualys API
error[Defined:fcplib.module.qualys.cmd] (default: 5)
--qualys.retry.sleep QUALYS.RETRY.SLEEP
How many seconds to sleep after Qualys API
error[Defined:fcplib.module.qualys.cmd] (default:
1800)
--qualys.appliance QUALYS.APPLIANCE
Qualys appliance name for
scans[Defined:fcplib.module.qualys.cmd] (default:
None)
--qualys.inactive.asset QUALYS.INACTIVE.ASSET
Determine which assets is inactive (how long it was
not scanned)[Defined:fcplib.module.qualys.cmd]
(default: 7)
--qualys.untag.assets QUALYS.UNTAG.ASSETS
1 for untagging assets before tag-assets-with-tag, 0
disable[Defined:fcplib.module.qualys.cmd] (default: 1)
--qualys.index.kb QUALYS.INDEX.KB
If it is set to 1, download-and-import-all will also
index KBs (vulnerabilities definition). Default is
1.[Defined:fcplib.module.qualys.cmd] (default: 1)
--qualys.index.patches QUALYS.INDEX.PATCHES
If it is set to 1, download-and-import-all will also
index Patch reports. Default is
1.[Defined:fcplib.module.qualys.cmd] (default: 1)
--qualys.report.lastepoch str
Last epoch when report was run for diff
queries[Defined:fcplib.module.qualys.cmd] (default:
{previous})
--qualys.report.query.vuln_critical str
Define query for critical
vulnerabilities[Defined:fcplib.module.qualys.cmd]
(default: (qrti: *exploit_kit* OR qrti:
*active_attacks*) AND severity: [3 TO 5])
--qualys.report.query.vuln str
Define query for
vulnerabilities[Defined:fcplib.module.qualys.cmd]
(default: severity: [3 TO 5] AND (tag:
"qualys:vulnerability:confirmed" OR tag:
"qualys:vulnerability:potential"))
--qualys.deduplicate.prefix str
Define prefix of tag to search for from
assetlinker[Defined:fcplib.module.qualys.cmd]
(default: qualys)
--qualys.asset.tag str
Tag of assets which will be
imported[Defined:fcplib.module.qualys.cmd] (default:
None)
--qualys.vulnerability_trending.filename str
Name of vulnerability trending report
file[Defined:fcplib.module.qualys.cmd] (default:
vulnerability_trending)
--qualys.tag.ruletype str
Tag rule type, default
static[Defined:fcplib.module.qualys.cmd] (default:
static)
Choices:
static
groovy
os_regex
network_range
name_contains
installed_software
open_ports
vuln_exist
asset_search
cloud_asset
business_information
--qualys.activationkey.type str
Activation key type: UNLIMITED,COUNT_LIMITED,
TIME_LIMITED,
COUNT_TIME_LIMITED[Defined:fcplib.module.qualys.cmd]
(default: UNLIMITED)
--qualys.activationkey.limit str
Required if type is COUNT_LIMITED or
COUNT_TIME_LIMITED Number of keys purchased.Value is 1
or more.[Defined:fcplib.module.qualys.cmd] (default:
None)
--qualys.activationkey.expiredate str
Required if type is TIME_LIMITED or COUNT_TIME_LIMITED
Key expiration date. Date is specified in UTC/GMT
format, i.e. YYYY-MM-
DD[THH:MM:SSZ][Defined:fcplib.module.qualys.cmd]
(default: None)
--qualys.activationkey.modules str
Provision one or more modules for this key. Value is
one of: VM_LICENSE, PC_LICENSE, SCA, PM, SA, FIM,
EDR[Defined:fcplib.module.qualys.cmd] (default:
['VM_LICENSE'])
--qualys.activationkey.tags str
Add tags to this key. These tags will be added to
agents installed with
key.[Defined:fcplib.module.qualys.cmd] (default: [])
--qualys.tag.criticality str
Criticality score of qualys tag. Used in create-tag,
update-tag[Defined:fcplib.module.qualys.cmd] (default:
None)
fcpc qualys create-tag 'name'
fcpc qualys create-tag 'parent:child'
fcpc qualys delete-tag 'name'
fcpc qualys delete-tag '+id'
fcpc qualys tag-assets 'tag' 'host1' 'host2' ...
fcpc qualys tag-assets-with-tag 'tag' 'qtag'
fcpc qualys untag-assets 'tag' 'host1' ...
fcpc qualys tag-assets-by-query 'tag' query
It searches all qualyshost assets with corresponding tag and tag them back to qualys
fcpc qualys tag-assets-by-tag 'tag' 'prefix'
fcpc qualys import-assets file.xml [file2.xml] ...
fcpc qualys import-kb file.xml [file2.xml] ...
fcpc qualys import-patchreport file.xml [file2.xml] ...
fcpc qualys download-assets
fcpc qualys download-kb [filename]
You need to define --qualys.patchreport.name in fcplib.ini or add parameter to this command
fcpc qualys download-patchreport filename
fcpc qualys download-accounts
fcpc qyalys import-accounts
fcpc qualys add-ips-to-ag ag ip [ip]
fcpc qualys del-ips-from-ag ag ip [ip]
fcpc qualys update-ag-by-query query
fcpc qualys del-assets asset1 [asset2] ...
fcpc qualys del-assets query
fcpc --qualys.appliance=app1 qualys launch-map-scan-on-domain "title" domain1,domain2,....
fcpc --qualys.appliance=app1 qualys launch-map-scan-on-asset-group "title" ag1,ag2,....
### Vulnerability trending
```shell
fcpc qualys vulnerability-trending "qid1,qid2,qid3,..." how_many_days_back