Automated Qualys Report Processing

This workflow is ideal for Security Operations Centers (SOCs), IT security teams, and vulnerability management professionals who need to automate the retrieval and organization of security reports from Qualys into TheHive. It is particularly useful for organizations that manage multiple security reports and require timely updates to maintain their security posture.

This workflow addresses the challenge of manual report handling by automating the process of fetching, filtering, and organizing Qualys reports. It ensures that only newly generated reports are processed, thereby preventing duplicates and enhancing the efficiency of vulnerability management efforts. By creating cases in TheHive for each report, it streamlines the tracking and response to vulnerabilities.

1. Set Global Variables: Initializes key variables like base_url and newtimestamp to ensure the workflow operates with up-to-date configurations.

2. Fetch Reports from Qualys: Sends a GET request to the Qualys API to retrieve reports that are in a Finished state, ensuring timely updates.

3. Convert XML to JSON: Transforms the XML response from Qualys into JSON format for easier manipulation.

4. Filter Reports: Checks the timestamps of the reports against a stored timestamp to identify which reports are newer and have not yet been processed.

5. Process Each Report: Loops through the filtered reports, ensuring each is handled individually for reliability.

6. Create Case in TheHive: Generates a new case in TheHive for every new report, serving as a container for the report data.

7. Download and Attach Report: Downloads each report from Qualys and attaches it to the corresponding case in TheHive, ensuring all relevant data is consolidated in one location.