Dashboard Toolbox - VM DASHBOARD: Health Host Scan Time Management (v1.1)

Document created by Felix Jimenez (Employee) on Feb 6, 2019
Last modified by Felix Jimenez (Employee) on May 19, 2020

This page contains information to create a Scorecard dashboard leveraging the Vulnerability Management Beta Dashboard interface and data in your Qualys Vulnerability Management subscription.

April 2020: In preparation for GA release, this dashboard has been reviewed and improved to leverage current product functionality.

 

Vulnerability Management Dashboard BETA Closed with the Release of Portal 3.0

Cloud Platform (QWEB 10.0, Portal 3.0)

             

This Vulnerability Management Beta Dashboard will enable you to be more proactive in your Host Scan Time Management and Troubleshooting of Qualys Scans.

Get a quick, easy glance at KPIs for Host Scan Time.

 

Why is ScanTime Management important?

Scan time is very important when you pursue a strategy of continuous scanning and visibility while scanning large subnets, and even more so if you are constrained from scanning outside scanning windows. Monitoring scan time can help you find and detect possible issues with an asset on the network.

Monitoring this from time to time and troubleshooting assets with long scan times will help ensure scans finish in a reasonable amount of time.

 

Monitoring Scan Time (New)

 

 

Dashboard Demonstration Images: * * * New * * *

* The Pre-built Dashboard JSON file can be found attached below ready for download & import into your Qualys subscription *

 

* * * Requirements * * *

The following Widgets Require Groovy Scriptlet Tags to be created for each:  

Click the following link for assistance in converting time: Google Time Converter

The only section that needs to be changed in the code for your desired time is the threshold_minutes = ### line (shown in red).

Host Scan Time Tags:

Scan time 0 - 10 Minutes - TAG-NAME: ScanTimeMin-0-10
Scan time 11 - 20 Minutes - TAG-NAME: ScanTimeMin-11-20
Scan time 1 - 2 Hours - TAG-NAME: ScanTime-1-2H
Scan time 2 - 4 Hours - TAG-NAME: ScanTime-2-4H

TAG-CODE: Copy paste under Groovy Scriptlet rule (one scriptlet per tag, in the same order as the tags above):

// Scriptlet for tag ScanTimeMin-0-10.
// Skip testing on non-VM hosts.
if (asset.getAssetType() != Asset.AssetType.HOST) return false;
// Lower bound: tag only if the host scan took longer than threshold_minutes minutes.
threshold_minutes = 0
// Upper bound is threshold_minutes + 11; do not tag at or above it.
next_threshold_min = 11 + threshold_minutes
// Obtain results for QID 45038.
host_scan_time = asset.resultsForQid(45038L);
// No result for this host: do not tag (the null check keeps isEmpty() from failing on a missing result).
if (host_scan_time == null || host_scan_time == "null" || host_scan_time.isEmpty())
    return false;
// Parse the duration: the number between the 15-character prefix and ' seconds'.
host_scan_time = host_scan_time.substring(15, host_scan_time.indexOf(' seconds'));
// Convert number of seconds to integer.
host_scan_time = host_scan_time.toInteger()
return host_scan_time > (threshold_minutes * 60) && host_scan_time < (next_threshold_min * 60);

// Scriptlet for tag ScanTimeMin-11-20.
// Skip testing on non-VM hosts.
if (asset.getAssetType() != Asset.AssetType.HOST) return false;
// Lower bound: tag only if the host scan took longer than threshold_minutes minutes.
threshold_minutes = 11
// Upper bound is threshold_minutes + 11; do not tag at or above it.
next_threshold_min = 11 + threshold_minutes
// Obtain results for QID 45038.
host_scan_time = asset.resultsForQid(45038L);
// No result for this host: do not tag (the null check keeps isEmpty() from failing on a missing result).
if (host_scan_time == null || host_scan_time == "null" || host_scan_time.isEmpty())
    return false;
// Parse the duration: the number between the 15-character prefix and ' seconds'.
host_scan_time = host_scan_time.substring(15, host_scan_time.indexOf(' seconds'));
// Convert number of seconds to integer.
host_scan_time = host_scan_time.toInteger()
return host_scan_time > (threshold_minutes * 60) && host_scan_time < (next_threshold_min * 60);

// Scriptlet for tag ScanTime-1-2H.
// Skip testing on non-VM hosts.
if (asset.getAssetType() != Asset.AssetType.HOST) return false;
// Lower bound: tag only if the host scan took longer than threshold_minutes minutes.
threshold_minutes = 60
// Upper bound is threshold_minutes + 61; do not tag at or above it.
next_threshold_min = 61 + threshold_minutes
// Obtain results for QID 45038.
host_scan_time = asset.resultsForQid(45038L);
// No result for this host: do not tag (the null check keeps isEmpty() from failing on a missing result).
if (host_scan_time == null || host_scan_time == "null" || host_scan_time.isEmpty())
    return false;
// Parse the duration: the number between the 15-character prefix and ' seconds'.
host_scan_time = host_scan_time.substring(15, host_scan_time.indexOf(' seconds'));
// Convert number of seconds to integer.
host_scan_time = host_scan_time.toInteger()
return host_scan_time > (threshold_minutes * 60) && host_scan_time < (next_threshold_min * 60);

// Scriptlet for tag ScanTime-2-4H.
// Skip testing on non-VM hosts.
if (asset.getAssetType() != Asset.AssetType.HOST) return false;
// Lower bound: tag only if the host scan took longer than threshold_minutes minutes.
threshold_minutes = 120
// Upper bound is threshold_minutes + 121; do not tag at or above it.
next_threshold_min = 121 + threshold_minutes
// Obtain results for QID 45038.
host_scan_time = asset.resultsForQid(45038L);
// No result for this host: do not tag (the null check keeps isEmpty() from failing on a missing result).
if (host_scan_time == null || host_scan_time == "null" || host_scan_time.isEmpty())
    return false;
// Parse the duration: the number between the 15-character prefix and ' seconds'.
host_scan_time = host_scan_time.substring(15, host_scan_time.indexOf(' seconds'));
// Convert number of seconds to integer.
host_scan_time = host_scan_time.toInteger()
return host_scan_time > (threshold_minutes * 60) && host_scan_time < (next_threshold_min * 60);
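
Added example (not part of the original page or of Qualys code): a shell check that applies the bounds of the four scriptlets above to sample QID 45038 result strings and reports which tags each duration receives, including durations that match no tag or two tags. It assumes the result text begins with the 15-character prefix "Scan duration: " implied by substring(15, ...); the function names and sample strings are constructed for this example.

```shell
#!/bin/sh
# Bounds copied from the four scriptlets: tag name, threshold_minutes, width added to it.
BUCKETS='ScanTimeMin-0-10 0 11
ScanTimeMin-11-20 11 11
ScanTime-1-2H 60 61
ScanTime-2-4H 120 121'

# parse_seconds RESULT: print the duration in seconds; fail if the text does not
# match the assumed "Scan duration: N seconds" layout.
parse_seconds() {
    case $1 in
        "Scan duration: "*" seconds"*) ;;
        *) return 1 ;;
    esac
    s=${1#"Scan duration: "}
    s=${s%%" seconds"*}
    case $s in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$s"
}

# tags_for RESULT: print every tag whose rule matches, "none", or "unparsed".
tags_for() {
    secs=$(parse_seconds "$1") || { echo unparsed; return 0; }
    out=
    while read -r name lo width; do
        hi=$((lo + width))
        # Same comparison as the scriptlets: strictly between the two bounds, in seconds.
        if [ "$secs" -gt $((lo * 60)) ] && [ "$secs" -lt $((hi * 60)) ]; then
            out="${out:+$out }$name"
        fi
    done <<EOF
$BUCKETS
EOF
    echo "${out:-none}"
}

# Constructed sample durations (seconds) around each bucket edge.
for n in 300 660 1300 1800 7230 20000; do
    printf '%6s s -> %s\n' "$n" "$(tags_for "Scan duration: $n seconds")"
done
```

Hosts reported as "none" will not appear in any of the four widgets, so adjust threshold_minutes or add tags if those ranges matter to you.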

 

 

API Guide  - Evaluate Tag: 

Asset Mgmt and Tagging v2 API

See Page:  31

* * * Re-Evaluate the Tags as needed per Scan Cadence * * *

Evaluate all tags that have Groovy Script rules.

API Request:  **Note the POD API url & the file.xml needs to be created**

POD 1: curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/evaluate/am/tag" < file.xml

POD 2: curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qg2.apps.qualys.com/qps/rest/2.0/evaluate/am/tag" < file.xml

POD 3: curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qg3.apps.qualys.com/qps/rest/2.0/evaluate/am/tag" < file.xml

Request POST data:   file.xml  or   GROOVY.xml
<?xml version="1.0" encoding="UTF-8" ?>
<ServiceRequest>
  <filters>
    <Criteria field="ruleType" operator="EQUALS">GROOVY</Criteria>
  </filters>
</ServiceRequest>

Request POST data:   file.xml   or  ASSETSEARCH.xml
<?xml version="1.0" encoding="UTF-8" ?>
<ServiceRequest>
  <filters>
    <Criteria field="ruleType" operator="EQUALS">ASSET_SEARCH</Criteria>
  </filters>
</ServiceRequest>
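
Added example (not part of the original page or of Qualys code): a shell wrapper for the re-evaluation request above that builds the request body for either rule type and hands the credentials to curl on stdin through a config stream, so the password does not appear in the process list or shell history. QUALYS_USER, QUALYS_PASS and the function names are assumptions of this example; the hosts and endpoint path are the ones listed above.

```shell
#!/bin/sh
# api_url POD: print the evaluate endpoint for POD 1, 2 or 3 (hosts as listed on this page).
api_url() {
    case $1 in
        1) host=qualysapi.qualys.com ;;
        2) host=qualysapi.qg2.apps.qualys.com ;;
        3) host=qualysapi.qg3.apps.qualys.com ;;
        *) return 1 ;;
    esac
    printf 'https://%s/qps/rest/2.0/evaluate/am/tag\n' "$host"
}

# build_request RULETYPE: print the request body; only the two rule types
# shown on this page are accepted, anything else is rejected.
build_request() {
    case $1 in
        GROOVY|ASSET_SEARCH) ;;
        *) return 1 ;;
    esac
    cat <<EOF
<?xml version="1.0" encoding="UTF-8" ?>
<ServiceRequest>
<filters>
<Criteria field="ruleType" operator="EQUALS">$1</Criteria>
</filters>
</ServiceRequest>
EOF
}

# evaluate_tags POD RULETYPE: POST the request. Credentials come from the
# environment (assumed names) and reach curl via "-K -", not via -u on argv.
# A password containing " or \ would need escaping for the curl config syntax.
evaluate_tags() {
    url=$(api_url "$1") || return 2
    body=$(build_request "$2") || return 2
    tmp=$(mktemp) || return 2
    printf '%s\n' "$body" > "$tmp"
    printf 'user = "%s:%s"\n' "$QUALYS_USER" "$QUALYS_PASS" |
        curl -sS --fail -K - -H "content-type: text/xml" -X POST \
             --data-binary "@$tmp" "$url"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Call it as `evaluate_tags 1 GROOVY` after exporting the two environment variables.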

 

 

 

Example of Tags & Widget Structure & Trending:

Open the desired widget in edit mode by selecting the 3 lines on the top right of the widget and clicking on Configure Widget. Then select the Collect trend data check box.


 

 

Troubleshoot Long Host Scan Times

After selecting the widget containing a host with an excessive scan time, you can dig into the details and begin your troubleshooting. Try to identify the culprit host and troubleshoot it, and open a case with support to get more details. Exclude the culprit host from your regular scans. This will help your regular scans complete effectively without the delay of the culprit host. Then scan the culprit host independently.

 

 

 

 

Help Link:

POD - 1 - Apply Tags to Organize Your Assets

POD - 2 - Apply Tags to Organize Your Assets

POD - 3 - Apply Tags to Organize Your Assets

 

 

More to Come ... 

 

 

References: 

Looking for additional Qualys documentation? Use the Resource link in the Qualys Portal (Help > Resources).
Documentation specific to Host Scan Time:

 

Related community Posts:

 

 

 


 

* * * WARNING: Read Before Downloading * * *

At this time, Dashboard and Widget JSON files are not interchangeable between application dashboards, meaning Vulnerability Management Beta Dashboard JSON files may only be used in VM Dashboard and AssetView JSON files may only be used in AssetView. If you make a mistake and import a JSON file from one application into the other, you must contact Qualys Support to have the error corrected in the database for your subscription. 

Again, there is no way to reverse this mistake within the UI, it must be done in the database.
