AnsweredAssumed Answered

Need way to fetch list of vulnerable assets for given CVE-ID using API

Question asked by Rishikesh Bhide on Mar 11, 2020

I want to retrieve a list of vulnerable hosts from my environment for given CVE through API. Qualys Assets search already allows me to do that via UI but I want to automate it using API. And I couldn't find any API which takes CVE as input & returns list of vulnerable assets

 

I couldn't find any reliable/easy way of doing it repetitively. I tried following things already.

  1. Following 2 APIs from API documentation takes QID as a search parameter (& not CVE)
    /qps/rest/2.0/search/am/hostinstancevuln

    api/2.0/fo/report/asset/
    Is there any other API where I can query a list of assets vulnerable to a particular CVE ID? 

  2. I also tried using Dynamic search list, but if you are trying to retrieve assets for different CVE each time, that option isn't really viable. (Creating new search list each time & then deleting it)
  3. Another way which is feasible is downloading Qualys KB & loading QID-> CVE mapping from there. But problem there is a given CVE is usually a part of multiple QIDs. But asset search API & UI query only returns given asset if I use one specific QID from there.
  4. APIs from (1) does support passing 20 QIDs at a time. Does it mean I need to pass all QIDs associated with a given CVE as a list in order to retrieve accurate list of assets?

Outcomes