I want to retrieve a list of vulnerable hosts from my environment for given CVE through API. Qualys Assets search already allows me to do that via UI but I want to automate it using API. And I couldn't find any API which takes CVE as input & returns list of vulnerable assets
I couldn't find any reliable/easy way of doing it repetitively. I tried following things already.
- Following 2 APIs from API documentation takes QID as a search parameter (& not CVE)
Is there any other API where I can query a list of assets vulnerable to a particular CVE ID?
- I also tried using Dynamic search list, but if you are trying to retrieve assets for different CVE each time, that option isn't really viable. (Creating new search list each time & then deleting it)
- Another way which is feasible is downloading Qualys KB & loading QID-> CVE mapping from there. But problem there is a given CVE is usually a part of multiple QIDs. But asset search API & UI query only returns given asset if I use one specific QID from there.
- APIs from (1) does support passing 20 QIDs at a time. Does it mean I need to pass all QIDs associated with a given CVE as a list in order to retrieve accurate list of assets?