Howdy all,
I've trawled through the API documentation and the community and can't seem to find an answer to what I thought would be something simple.
Currently when I want to see how many assets contain a vulnerability I can simply use the AssetView->Assets Search functionality. It's awesome, works very fast, helps build widgets that I can chuck onto my teams' boards to aid in those exceptional circumstances such as zero days. Classic example:
I'm currently building some services that have use-cases to do this programatically.
Some important pieces to note:
- Aside from some adhoc sysadmin work, do not use the VM->Reporting function at all. So we have no report IDs to reference. We entirely live in live-dashboard land with continuous scanning provided by host-based agents on every asset.
- Our continuous scanning means I won't have a reference to any scan IDs; scans do exist but they are limited to infrastructure not pertaining servers/workstations.
So my question/s are:
- Is there an API I can hit with the exact same syntax as the AssetView search functionality in the above image?
or
- Is there any API I can hit with vulnerability ID's, names, or is there any way to replicate the list in the image programatically?
Here's hoping I missed something obvious!
Kind Regards,
Robbie
GitHub - teknorob/qualys-elastic-search-POC: A proof of concept for using qualys elastic search API
As promised, here it is:
It's nothing amazing to look at but hopefully it helps someone out there.