LogoLogo
API DocumentationIntegrationsPlexTrac.com
  • Product Documentation
    • Using This Site
    • Security Advisories
    • Deployment and Maintenance Policy
    • Supported Applications
  • PlexTrac Modules
    • Dashboard
    • Clients
      • Clients Components
      • Creating a Client
      • Managing Clients
      • Managing Client Users
      • Adding Assets to a Client
      • Managing Assets
    • Schedule
      • Schedule Components
      • Creating an Engagement
      • Requesting an Engagement
      • Managing Engagements
      • Engagement Status
    • Assessments
      • Assessment Components
      • Managing Questionnaires
      • Starting an Assessment
      • Taking an Assessment
      • Reviewing an Assessment
      • Submitting an Assessment
    • Reports
      • Report Components
      • Creating a Report
      • Adding from NarrativesDB
      • Editing a Report
      • Using Short Codes in Reports
      • Findings
        • Creating a Finding
        • Collaborative Editing
        • Importing Findings from a File
        • CSV Findings Templates
          • Using Report Findings CSV Template
        • Importing Findings via an Integration
        • Importing Findings from WriteupsDB
        • Finding Status
        • Creating Jira Tickets
        • CVSS Scoring
        • Affected Assets
      • Importing a Report
      • Exporting a Report
    • Priorities
      • Priorities Components
      • Creating a Priority
      • Linking Findings and Assets
      • Managing Priorities
      • Priorities Metrics
    • Content Library
      • Types of Repositories
      • NarrativesDB
        • NarrativesDB Home Page
        • Managing Repositories
        • Managing Users
        • Creating a Repository
        • Managing Sections
        • Creating a Section
      • WriteupsDB
        • WriteupsDB Home Page
        • Managing Repositories
        • Managing Users
        • Creating a Repository
        • Creating a Writeup
        • Copying a Writeup
        • Adding to a Report
        • Importing via CSV Template
      • RunbooksDB
        • RunbooksDB Home Page
        • Managing Repositories
        • Managing Users
        • Creating a Repository
        • Creating a Procedure
        • Creating a Technique
        • Creating a Tactic
        • Creating a Methodology
    • Analytics
      • Findings
      • Assets
      • Runbooks
      • Trends & SLAs
    • Runbooks
      • Managing Engagements
        • Starting an Engagement
        • Submitting an Engagement
      • Managing Test Plans
        • Creating a Test Plan
        • Exporting a Test Plan
  • Tenant Management
    • Account Management
      • Profile (Personal Settings)
        • Managing User Profile
        • Managing Password
        • Setting Up Two-Factor Authentication
      • Account Admin
        • Tenant Settings
          • Account Information
          • General Settings
          • Email Settings
          • Tags Settings
          • Service-Level Agreements (SLAs)
          • Short Codes
        • Customizations
          • Layouts
          • Templates
            • Report Templates
            • Export Templates
            • Style Guides
          • Theme
        • Automations
          • Risk Scoring
            • Creating Equations
            • Managing Priority Equations
          • Parser Actions
        • Integrations & Webhooks
          • Integrations (API)
            • Cobalt
            • Edgescan
            • HackerOne
            • Jira
            • ServiceNow
            • Tenable Vulnerability Management
            • Tenable Security Center
          • Webhooks
        • Security & User Management
          • Audit Log
          • Security
            • Authentication Methods
              • OAuth/OpenID Setup
                • Microsoft Entra ID
                • Google OAuth
                • Okta
                • OpenID Connect
              • SAML Setup
            • General Authentication Settings
            • Authorization
            • Role Based Access (RBAC)
              • Custom Roles
            • Classification Tiers
          • Users
            • Adding Users
            • Managing Users
        • Licensing
          • Licensing
          • Priorities
          • Plex AI
            • Using AI
        • White Labeling
      • Help Center
      • Logout
    • Integrations and File Imports
      • Acunetix
      • BlindSPOT
      • Burp Suite
      • Checkmarx
      • Core Impact
      • HCL AppScan
      • Invicti
      • Nessus
      • Nexpose
      • Nipper
      • Nmap (Assets)
      • Nmap Vulners NSE
      • Nodeware
      • NodeZero
      • OpenVAS
      • OWASP ZAP
      • Pentera
      • Qualys (VM Parser)
      • Qualys (Web App Scanner)
      • RapidFire
      • Scythe
      • Veracode
  • API Documentation
    • Overview
    • Concept Definitions
    • Getting Started
    • Retrieving Parameter IDs
    • Object Structures
      • Client Object
      • Report Object
      • Finding Object
      • Asset Object
      • Evidence Object
    • Use Cases
    • API Change Policy
      • API Change Log
    • Webhooks
      • Webhook Payload Structure
      • Verifying Sender Requests
Powered by GitBook

Resources

  • Privacy Policy
  • Terms of Use
  • Vulnerability Policy

© 2025 PlexTrac, Inc. All rights reserved.

On this page
  • Finding Field Mappings
  • Asset Field Mappings

Was this helpful?

Export as PDF
  1. Tenant Management
  2. Integrations and File Imports

Qualys (Web App Scanner)

PreviousQualys (VM Parser)NextRapidFire

Last updated 1 year ago

Was this helpful?

PlexTrac supports importing XML files from Qualys. The Qualys web parser is a component of the Qualys WAS solution responsible for crawling the web application, collecting data, and identifying potential vulnerabilities. The web parser can be customized to scan specific web applications and detect vulnerabilities in various web applications, including static and dynamic web applications.

When importing a file from Qualys, whether for the VM parser or Web parser, select "Qualys" from the import pulldown menu, and PlexTrac will decide which mapping to use based on the fields provided in the import file.

Below are the mappings of fields and any reference notes to provide context. If a field is not listed, PlexTrac does not currently import it.

Finding Field Mappings

PlexTrac Field
Qualys Path
Notes

title

<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><TITLE>

severity

<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><SEVERITY>

We are passed a number, which gets evaluated as following: "0": "Informational", "1": "Informational", "2": "Low", "3": "Medium", "4": "High", "5": "Critical",

references

Any data surrounded by <![CDATA[some stuff]]> tag is removed before storing the data. All the data from the tags are stored into a list that is saved as reference links.

recommendations

<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><SOLUTION>

description

Any data surrounded by <![CDATA[some stuff]]> tag is removed before storing the data. Data is combined.

evidence

risk_score

tags

<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><SEVERITY>

If severity is 1, then we give it a tag of "minimal".

common_identifiers

field: ["scores"]["cvss"]

label

Hardcoded "CVSS Base Score"

value

<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><CVSS_SCORE><CVSS_BASE>

field: ["cvss_temporal"]

label

Hardcoded "CVSS Temporal Score"

value

<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><CVSS_SCORE><CVSS_TEMPORAL>

field: ["scores"]["cvss3"]

label

Hardcoded "CVSSv3 Base Score"

value

<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><CVSS3_SCORE><CVSS3_BASE>

field: ["cvss3_temporal"]

label

Hardcoded "CVSSv3 Temporal Score"

value

<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><CVSS3_SCORE><CVSS3_TEMPORAL>

field: ["scores"]["pci_flag"]

label

Hardcoded "PCI_FLAG"

value

<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><PCI_FLAG>

field: ["cwe"]

label

Hardcoded "CWE"

value

<GLOSSARY><QID_LIST><QID><CWE>

field: ["wasc"]

label

Hardcoded "WASC"

value

<GLOSSARY><QID_LIST><QID><WASC>

field: ["category"]

label

Hardcoded "Category"

value

<GLOSSARY><QID_LIST><QID><CATEGORY>

field: ["owasp"]

label

Hardcoded "OWASP"

value

<GLOSSARY><QID_LIST><QID><OWASP>

Asset Field Mappings

PlexTrac Field
Qualys Path
Notes

asset

<WAS_SCAN_REPORT><RESULTS><VULNERABILITY_LIST><VULNERABILITY><URL>

There is some logic here for parent/child relationship.