Getting Qualys asset scan information via PowerShell

Getting Qualys asset scan information via PowerShell

We use Qualys Vulnerability Management at work to scan our assets for vulnerabilities. I needed to identify which assets hadn't been scanned in a long time. This could be done through the web interface by going to Assets->Asset Search and searching for assets with a Last Scan Date not within X days. But I needed to work with the results in PowerShell for further automation tasks

The Qualys API is pretty will documented here (version 1) and here (version 2). I'm going to use version 2 of the API as that's the latest supported version at time of writing

I'm also using PowerShell version 4 as that's what I've currently got installed on my workstation & automation server

PSVersionTable-1-

First, lets setup some variables to hold our Qualys platform name & username/password details

code-block-1-1-

Then we need to do some things to create the appropriate HTTP headers which the API expects, configure the number of hosts we want information back about and eventually use PowerShell's Invoke-WebRequest to make the API request

code-block-2-1-

At this point, $HttpResponse is a HtmlWebResponseObject which has a property called Content. This contains the data the Qualys server sent to us following our request

HTTPResponse-members-1-

The $HttpResponse.Content is a string which is difficult to work with. However, as we requested Qualys to return the data in XML format, we should be able to convert the string to an XML object:-

code-block-3-1-

And now we can work with the XML much easier. We can loop round each host and create a PowerShell objects for each host with the scan data, properly formed as we would expect in PowerShell

code-block-4-1-

$HostAssets now can be worked with in PowerShell for easy sorting/searching

HostAssets-result-1-

If you find this useful, please let me know via the comments section below

Stuart

EDIT 18/01/2017

The PowerShell code used in this post can be found here

Edit 15/May/2018 Migrated from Blogger