Add new command and evolve scan command (demisto#27725)

* Add new command and evolve scan command (demisto#27599) * add new purge command and update arguments for schedule-scan-create command * add new release notes * release notes update * update for circleci * delete over-indent for circleci * update indent to circleci * update indent to circleci_2 * validation of release notes and readme * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --------- Co-authored-by: franciscojavierfernandezjim <127735202+franciscojavierfernandezjim@users.noreply.github.com> Co-authored-by: Danny Fried <dfried@paloaltonetworks.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
xsoar-contrib · Jul 26, 2023 · 94a8602 · 94a8602
1 parent 524da0d
commit 94a8602
Show file tree

Hide file tree

Showing 5 changed files with 104 additions and 5 deletions.
diff --git a/Packs/qualys/Integrations/Qualysv2/Qualysv2.py b/Packs/qualys/Integrations/Qualysv2/Qualysv2.py
@@ -37,6 +37,12 @@
 
 # Data for parsing and creating output
 COMMANDS_PARSE_AND_OUTPUT_DATA: Dict[str, Dict[Any, Any]] = {
+    "qualys-purge-scan-host-data": {
+        "table_name": "Deleted report",
+        "json_path": ["BATCH_RETURN", "RESPONSE", "BATCH_LIST", "BATCH"],
+        "table_headers": ["ID"],
+        "collection_name": "ITEM_LIST"
+    },
     "qualys-report-list": {
         "collection_name": "REPORT_LIST",
         "table_name": "Report List",
@@ -321,6 +327,10 @@
 
 # Context prefix and key for each command
 COMMANDS_CONTEXT_DATA = {
+    "qualys-purge-scan-host-data": {
+        "context_prefix": "Qualys.Purge",
+        "context_key": "ID"
+    },
     "qualys-report-list": {
         "context_prefix": "Qualys.Report",
         "context_key": "ID",
@@ -519,6 +529,11 @@
 
 # Information about the API request of the commands
 COMMANDS_API_DATA: Dict[str, Dict[str, str]] = {
+    "qualys-purge-scan-host-data": {
+        "api_route": API_SUFFIX + "asset/host/?action=purge",
+        "call_method": "POST",
+        "resp_type": "text",
+    },
     "qualys-report-list": {
         "api_route": API_SUFFIX + "/report/?action=list",
         "call_method": "GET",
@@ -793,6 +808,22 @@
 
 # Arguments' names of each command
 COMMANDS_ARGS_DATA: Dict[str, Any] = {
+    "qualys-purge-scan-host-data": {
+        "args": [
+            "action",
+            "echo_request",
+            "ids",
+            "ips",
+            "ag_ids",
+            "ag_titles",
+            "network_ids",
+            "no_vm_scan_since",
+            "no_compliance_scan_since",
+            "data_scope",
+            "compliance_enabled",
+            "os_pattern",
+        ]
+    },
     "qualys-report-list": {
         "args": ["id", "state", "user_login", "expires_before_datetime", "client_id", "client_name"],
         "inner_args": ["limit"],
@@ -1303,14 +1334,20 @@
             "end_after",
             "target_from",
             "tag_include_selector", "tag_exclude_selector", "tag_set_by", "tag_set_include", "tag_set_exclude",
-            "use_ip_nt_range_tags_include", "use_ip_nt_range_tags_exclude"
-
+            "use_ip_nt_range_tags_include", "use_ip_nt_range_tags_exclude",
+            "active",
+            "scanners_in_network",
+            "recurrence",
+            "end_after_mins",
+            "iscanner_id",
+            "iscanner_name"
         ],
         "required_groups": [
             [
                 "asset_group_ids",
                 "asset_groups",
                 "ip",
+                "fqdn",
             ],
             [
                 "frequency_days",
@@ -2551,6 +2588,10 @@ def main():  # pragma: no cover
 
     commands_methods: Dict[str, Dict[str, Callable]] = {
         # *** Commands with unparsed response as output ***
+        "qualys-purge-scan-host-data": {
+            "result_handler": handle_general_result,
+            "output_builder": build_unparsed_output,
+        },
         "qualys-pc-scan-launch": {
             "result_handler": handle_general_result,
             "output_builder": build_multiple_values_parsed_output,

diff --git a/Packs/qualys/Integrations/Qualysv2/Qualysv2.yml b/Packs/qualys/Integrations/Qualysv2/Qualysv2.yml
@@ -2035,6 +2035,18 @@ script:
       description: Qualys response for the host update.
       type: String
   - arguments:
+    - description: Specify 1 for active schedules only, or 0 for deactivated schedules only.
+      name: active
+    - description: Specify 1 to distribute the scan to all scanner appliances in the network.
+      name: scanners_in_network
+    - description: A comma-separated list of Fully Qualified Domain Names to be scanned. 
+      name: fqdn
+    - description: The number of times the scan will be run before it is deactivated.
+      name: recurrence
+    - description: Specify 1 to distribute the scan to all scanner appliances in the network.
+      name: end_after_mins
+    - description: Specifies the name of the Scanner Appliance for the map, when the map target has private use internal IPs. When using Express Lite, Internal Scanning must be enabled in your account.
+      name: iscanner_id
     - description: The scan title.
       name: scan_title
       required: true
@@ -2669,8 +2681,44 @@ script:
       required: true
     description: Delete an existing asset tag.
     name: qualys-asset-tag-delete
-
-  dockerimage: demisto/python3:3.10.11.61265
+  - arguments:
+    - description: Specify 1 to view input parameters in the XML output.
+      name: echo_request
+      auto: PREDEFINED
+      predefined:
+      - "0"
+      - "1"
+      defaultValue: "0"
+    - description: Purge host information for the defined host IDs/ranges.
+      name: ids
+    - description: Purge host information for the defined IP addresses/ranges.
+      name: ips
+    - description: Purge hosts belonging to asset groups with the defined IDs,
+      name: ag_ids
+    - description: Purge hosts belonging to asset groups with the defined strings in the asset group title.
+      name: ag_titles
+    - description: Restrict the request to the defined custom network IDs.
+      name: network_ids
+    - description: Purge hosts not scanned since the defined date and time.
+      name: no_vm_scan_since
+    - description: Purge compliance hosts not scanned since the defined date and time.
+      name: no_compliance_scan_since
+    - description: The type of data to purge. Specify “vm” to purge vulnerability data, specify “pc” to purge compliance data, or specify both as a comma-separated list to purge both types of data
+      name: data_scope
+    - description: This parameter is valid only when the policy compliance module is enabled for the user account. Specify 1 to purge compliance hosts in the user's account. Specify 0 to purge hosts which are not assigned to the PC module.
+      name: compliance_enabled
+      auto: PREDEFINED
+      predefined:
+      - "0"
+      - "1"
+    - description: Purge only hosts that have an operating system matching the defined regular expression. Use “%5E%24” to match an empty string.
+      name: os_pattern
+    name: qualys-purge-scan-host-data
+    outputs:
+    - contextPath: Qualys.Purge.ID
+      description: IDs of the hosts queued for purging.
+    description: Purge hosts in your account to remove the assessment data associated with them.
+  dockerimage: demisto/python3:3.10.12.63474
   runonce: false
   script: ''
   subtype: python3

diff --git a/Packs/qualys/Integrations/Qualysv2/README.md b/Packs/qualys/Integrations/Qualysv2/README.md
@@ -37,6 +37,7 @@ This integration was integrated and tested with version 2.0 of QualysVulnerabili
 33. qualys-report-template-list - Added new parameters, changed outputs.
 34. qualys-report-launch-map - changed existing parameters
 35. qualys-ip-restricted-manage - New command.
+36. qualys-purge-scan-host-data - New command.
 
 # Playbooks
 1. Vulnerability Management - Qualys (Job) - migrated to work with this new version

diff --git a/Packs/qualys/ReleaseNotes/1_2_12.md b/Packs/qualys/ReleaseNotes/1_2_12.md
@@ -0,0 +1,9 @@
+
+#### Integrations
+
+##### Qualys v2
+- Updated the Docker image to: *demisto/python3:3.10.12.63474*.
+
+- Added the new command ***qualys-purge-scan-host-data*** for purging hosts in your account to remove the assessment data associated with them.
+
+- Updated the arguments in the ***qualys-schedule-scan-create*** command.
diff --git a/Packs/qualys/pack_metadata.json b/Packs/qualys/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Qualys",
     "description": "Qualys Vulnerability Management let's you create, run, fetch and manage reports, launch and manage vulnerability and compliance scans, and manage the host assets you want to scan for vulnerabilities and compliance",
     "support": "xsoar",
-    "currentVersion": "1.2.11",
+    "currentVersion": "1.2.12",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",