Qualys (Web App Scanner)
PlexTrac supports importing a file from Qualys. Below are the mappings of fields.
When importing a file from Qualys, whether for the VM parser or Web parser, select "Qualys" from the import pulldown menu, and PlexTrac will decide which parser and mapping to use based on the fields provided in the import file.
| PlexTrac finding field | Qualys path | Notes |
| --- | --- | --- |
| title | `<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><TITLE>` | |
| severity | `<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><SEVERITY>` | We are passed a number, which gets evaluated as follows: "0": "Informational", "1": "Informational", "2": "Low", "3": "Medium", "4": "High", "5": "Critical" |
| references | | Any data surrounded by `<![CDATA[some stuff]]>` tag is removed before storing the data. All the data from the tags are stored into a list that is saved as reference links. |
| recommendations | `<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><SOLUTION>` | |
| description | | Any data surrounded by `<![CDATA[some stuff]]>` tag is removed before storing the data. Data is combined. |
| evidence | | |
| risk_score | | |
| tags | `<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><SEVERITY>` | If severity is 1, then we give it a tag of "minimal". |
| common_identifiers | | |

| common_identifiers field | label | value |
| --- | --- | --- |
| `["scores"]["cvss"]` | Hardcoded "CVSS Base Score" | `<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><CVSS_SCORE><CVSS_BASE>` |
| `["cvss_temporal"]` | Hardcoded "CVSS Temporal Score" | `<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><CVSS_SCORE><CVSS_TEMPORAL>` |
| `["scores"]["cvss3"]` | Hardcoded "CVSSv3 Base Score" | `<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><CVSS3_SCORE><CVSS3_BASE>` |
| `["cvss3_temporal"]` | Hardcoded "CVSSv3 Temporal Score" | `<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><CVSS3_SCORE><CVSS3_TEMPORAL>` |
| `["scores"]["pci_flag"]` | Hardcoded "PCI_FLAG" | `<WAS_SCAN_REPORT><GLOSSARY><QID_LIST><QID><PCI_FLAG>` |
| `["cwe"]` | Hardcoded "CWE" | `<GLOSSARY><QID_LIST><QID><CWE>` |
| `["wasc"]` | Hardcoded "WASC" | `<GLOSSARY><QID_LIST><QID><WASC>` |
| `["category"]` | Hardcoded "Category" | `<GLOSSARY><QID_LIST><QID><CATEGORY>` |
| `["owasp"]` | Hardcoded "OWASP" | `<GLOSSARY><QID_LIST><QID><OWASP>` |
| PlexTrac Asset field | Qualys path | Notes |
| --- | --- | --- |
| asset | `<WAS_SCAN_REPORT><RESULTS><VULNERABILITY_LIST><VULNERABILITY><URL>` | There is some logic here for parent/child relationship. |
| hostname | | |
| knownIps | | |
| operating_system | | |
| findingConnection | | |
| number | | |
| protocol | | |
| service | | |
| version | | |
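To preview how a report will land before importing it, the mappings above can be applied to the XML directly. The following is an added illustration, not PlexTrac's parser: the function names `text` and `map_report`, the output dictionary shape, the "unmapped" fallback for out-of-range severities, and the sample report are all assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Severity mapping from the Notes column above.
SEVERITY = {"0": "Informational", "1": "Informational", "2": "Low",
            "3": "Medium", "4": "High", "5": "Critical"}
# Hardcoded label -> path relative to <QID>, from the common_identifiers rows.
IDENTIFIERS = {
    "CVSS Base Score": "CVSS_SCORE/CVSS_BASE",
    "CVSS Temporal Score": "CVSS_SCORE/CVSS_TEMPORAL",
    "CVSSv3 Base Score": "CVSS3_SCORE/CVSS3_BASE",
    "CVSSv3 Temporal Score": "CVSS3_SCORE/CVSS3_TEMPORAL",
    "PCI_FLAG": "PCI_FLAG", "CWE": "CWE", "WASC": "WASC",
    "Category": "CATEGORY", "OWASP": "OWASP",
}
# Constructed sample report; every value is made up for illustration.
SAMPLE = """<WAS_SCAN_REPORT>
 <GLOSSARY><QID_LIST>
  <QID><TITLE>Example reflected XSS</TITLE><SEVERITY>4</SEVERITY>
   <SOLUTION><![CDATA[Encode output & validate input.]]></SOLUTION>
   <CVSS_SCORE><CVSS_BASE>4.3</CVSS_BASE></CVSS_SCORE><CWE>CWE-79</CWE></QID>
  <QID><TITLE>Example banner disclosure</TITLE><SEVERITY>1</SEVERITY></QID>
 </QID_LIST></GLOSSARY>
 <RESULTS><VULNERABILITY_LIST>
  <VULNERABILITY><URL>https://app.example.test/search</URL></VULNERABILITY>
 </VULNERABILITY_LIST></RESULTS>
</WAS_SCAN_REPORT>"""

def text(node, path):
    """Stripped text at path, or None when the element is missing or empty."""
    value = (node.findtext(path) or "").strip()
    return value or None

def map_report(xml_text):
    """Return (findings, asset_urls) for a WAS report; reject other root elements."""
    root = ET.fromstring(xml_text)
    if root.tag != "WAS_SCAN_REPORT":
        raise ValueError("not a Qualys WAS report: root is <%s>" % root.tag)
    findings = []
    for qid in root.findall("GLOSSARY/QID_LIST/QID"):
        sev = text(qid, "SEVERITY")
        ids = {label: text(qid, p) for label, p in IDENTIFIERS.items()}
        findings.append({
            "title": text(qid, "TITLE"),
            "severity": SEVERITY.get(sev, "unmapped"),  # fallback is this example's choice
            "recommendations": text(qid, "SOLUTION"),  # ElementTree unwraps CDATA
            "tags": ["minimal"] if sev == "1" else [],
            "common_identifiers": {k: v for k, v in ids.items() if v},
        })
    urls = [text(v, "URL") for v in root.findall("RESULTS/VULNERABILITY_LIST/VULNERABILITY")]
    return findings, [u for u in urls if u]
```

Calling `map_report(SAMPLE)` returns the mapped findings and the list of asset URLs; a file whose root element is not `WAS_SCAN_REPORT` raises `ValueError`.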