From 94a8602f77516398f4f20f18627213ebd7b2eb9d Mon Sep 17 00:00:00 2001 From: content-bot <55035720+content-bot@users.noreply.github.com> Date: Tue, 27 Jun 2023 11:34:59 +0300 Subject: [PATCH] Add new command and evolve scan command (#27725) * Add new command and evolve scan command (#27599) * add new purge command and update arguments for schedule-scan-create command * add new release notes * release notes update * update for circleci * delete over-indent for circleci * update indent to circleci * update indent to circleci_2 * validation of release notes and readme * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --------- Co-authored-by: franciscojavierfernandezjim <127735202+franciscojavierfernandezjim@users.noreply.github.com> Co-authored-by: Danny Fried Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --- .../qualys/Integrations/Qualysv2/Qualysv2.py | 45 +++++++++++++++- .../qualys/Integrations/Qualysv2/Qualysv2.yml | 52 ++++++++++++++++++- Packs/qualys/Integrations/Qualysv2/README.md | 1 + Packs/qualys/ReleaseNotes/1_2_12.md | 9 ++++ Packs/qualys/pack_metadata.json | 2 +- 5 files changed, 104 insertions(+), 5 deletions(-) create mode 100755 Packs/qualys/ReleaseNotes/1_2_12.md diff --git a/Packs/qualys/Integrations/Qualysv2/Qualysv2.py b/Packs/qualys/Integrations/Qualysv2/Qualysv2.py index f0ff4e3392d0..32657089a113 100644 --- a/Packs/qualys/Integrations/Qualysv2/Qualysv2.py +++ b/Packs/qualys/Integrations/Qualysv2/Qualysv2.py 
@@ -37,6 +37,12 @@ # Data for parsing and creating output COMMANDS_PARSE_AND_OUTPUT_DATA: Dict[str, Dict[Any, Any]] = { + "qualys-purge-scan-host-data": { + "table_name": "Deleted report", + "json_path": ["BATCH_RETURN", "RESPONSE", "BATCH_LIST", "BATCH"], + "table_headers": ["ID"], + "collection_name": "ITEM_LIST" + }, "qualys-report-list": { "collection_name": "REPORT_LIST", "table_name": "Report List", @@ -321,6 +327,10 @@ # Context prefix and key for each command COMMANDS_CONTEXT_DATA = { + "qualys-purge-scan-host-data": { + "context_prefix": "Qualys.Purge", + "context_key": "ID" + }, "qualys-report-list": { "context_prefix": "Qualys.Report", "context_key": "ID", @@ -519,6 +529,11 @@ # Information about the API request of the commands COMMANDS_API_DATA: Dict[str, Dict[str, str]] = { + "qualys-purge-scan-host-data": { + "api_route": API_SUFFIX + "asset/host/?action=purge", + "call_method": "POST", + "resp_type": "text", + }, "qualys-report-list": { "api_route": API_SUFFIX + "/report/?action=list", "call_method": "GET", @@ -793,6 +808,22 @@ # Arguments' names of each command COMMANDS_ARGS_DATA: Dict[str, Any] = { + "qualys-purge-scan-host-data": { + "args": [ + "action", + "echo_request", + "ids", + "ips", + "ag_ids", + "ag_titles", + "network_ids", + "no_vm_scan_since", + "no_compliance_scan_since", + "data_scope", + "compliance_enabled", + "os_pattern", + ] + }, "qualys-report-list": { "args": ["id", "state", "user_login", "expires_before_datetime", "client_id", "client_name"], "inner_args": ["limit"], 
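Review bot: In hunk `@@ -37,6 +37,12 @@`, `"table_name": "Deleted report"` on the new `qualys-purge-scan-host-data` entry looks copied from a report command, but this command purges host data. The table heading is what an analyst sees in the war room and what usually ends up in the incident record, so for a destructive action it should name the object type correctly. Suggest `"table_name": "Purged hosts",`. The enclosing dictionary starts and ends outside the hunk.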
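Review bot: In hunk `@@ -519,6 +529,11 @@`, the new route is built as `API_SUFFIX + "asset/host/?action=purge"`, while the neighbouring `qualys-report-list` entry uses `API_SUFFIX + "/report/?action=list"` with a leading slash. `API_SUFFIX` is defined outside the hunk, so I cannot tell which form is right, but one of the two presumably produces a doubled or missing `/`. Please check it against the definition and make the entries consistent. It would also help to mark the entry with a comment such as `# Destructive: purges host assessment data.` so the next maintainer does not treat it like the read-only list routes around it.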
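Review bot: In hunk `@@ -808,6 +808,22 @@`, the purge command gets an `args` list but no `required_groups`, so nothing on the client side forces the caller to name a target before the POST goes out. The schedule-scan entry in this file already uses `required_groups` for that purpose. Consider adding something like `"required_groups": [["ids", "ips", "ag_ids", "ag_titles"]],` once you have confirmed how the existing group check treats each list and which selectors Qualys accepts alone. Separately, `"action"` is listed as a forwardable argument although the route already hard-codes `?action=purge`. If `args` entries are copied from command input into the request, the parameter could be duplicated or overridden, so I would drop `"action",` from the list.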
@@ -1303,14 +1334,20 @@ "end_after", "target_from", "tag_include_selector", "tag_exclude_selector", "tag_set_by", "tag_set_include", "tag_set_exclude", - "use_ip_nt_range_tags_include", "use_ip_nt_range_tags_exclude" - + "use_ip_nt_range_tags_include", "use_ip_nt_range_tags_exclude", + "active", + "scanners_in_network", + "recurrence", + "end_after_mins", + "iscanner_id", + "iscanner_name" ], "required_groups": [ [ "asset_group_ids", "asset_groups", "ip", + "fqdn", ], [ "frequency_days", @@ -2551,6 +2588,10 @@ def main(): # pragma: no cover commands_methods: Dict[str, Dict[str, Callable]] = { # *** Commands with unparsed response as output *** + "qualys-purge-scan-host-data": { + "result_handler": handle_general_result, + "output_builder": build_unparsed_output, + }, "qualys-pc-scan-launch": { "result_handler": handle_general_result, "output_builder": build_multiple_values_parsed_output, diff --git a/Packs/qualys/Integrations/Qualysv2/Qualysv2.yml b/Packs/qualys/Integrations/Qualysv2/Qualysv2.yml index 7221a2a66f77..d151470a3d68 100644 --- a/Packs/qualys/Integrations/Qualysv2/Qualysv2.yml +++ b/Packs/qualys/Integrations/Qualysv2/Qualysv2.yml 
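Review bot: In hunk `@@ -1303,14 +1334,20 @@`, `"fqdn"` is added to the first `required_groups` list, but it is not among the names added to the argument list just above it (`active`, `scanners_in_network`, `recurrence`, `end_after_mins`, `iscanner_id`, `iscanner_name`). The start of that list is outside the hunk, so `fqdn` may already be present. If it is not, a call that supplies only `fqdn` would satisfy the group check while the value is never forwarded to the API, and the schedule would be created without the intended target. Add `"fqdn",` to the args list if it is missing. Note also that `iscanner_name` is added here but has no matching argument among the YAML additions visible for this command.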
@@ -2035,6 +2035,18 @@ script: description: Qualys response for the host update. type: String - arguments: + - description: Specify 1 for active schedules only, or 0 for deactivated schedules only. + name: active + - description: Specify 1 to distribute the scan to all scanner appliances in the network. + name: scanners_in_network + - description: A comma-separated list of Fully Qualified Domain Names to be scanned. + name: fqdn + - description: The number of times the scan will be run before it is deactivated. + name: recurrence + - description: Specify 1 to distribute the scan to all scanner appliances in the network. + name: end_after_mins + - description: Specifies the name of the Scanner Appliance for the map, when the map target has private use internal IPs. When using Express Lite, Internal Scanning must be enabled in your account. + name: iscanner_id - description: The scan title. name: scan_title required: true 
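Review bot: Several of the new argument descriptions in this hunk appear to be copy-pasted and do not match the argument they sit on. `end_after_mins` repeats the `scanners_in_network` text (`Specify 1 to distribute the scan to all scanner appliances in the network.`), and `iscanner_id` is described as `the name of the Scanner Appliance` although it takes an ID. The `active` text (`for active schedules only, or 0 for deactivated schedules only`) reads like a list filter rather than a create option. Suggested wording, to be checked against the Qualys API reference: `Specify 1 to create an active schedule, or 0 to create a deactivated schedule.` for `active`, a description of the minutes limit for `end_after_mins`, and `The IDs of the scanner appliances to use.` for `iscanner_id`. The Python side also adds `iscanner_name`, which is not declared among the arguments added here.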
@@ -2669,8 +2681,44 @@ script: required: true description: Delete an existing asset tag. name: qualys-asset-tag-delete - - dockerimage: demisto/python3:3.10.11.61265 + - arguments: + - description: Specify 1 to view input parameters in the XML output. + name: echo_request + auto: PREDEFINED + predefined: + - "0" + - "1" + defaultValue: "0" + - description: Purge host information for the defined host IDs/ranges. + name: ids + - description: Purge host information for the defined IP addresses/ranges. + name: ips + - description: Purge hosts belonging to asset groups with the defined IDs, + name: ag_ids + - description: Purge hosts belonging to asset groups with the defined strings in the asset group title. + name: ag_titles + - description: Restrict the request to the defined custom network IDs. + name: network_ids + - description: Purge hosts not scanned since the defined date and time. + name: no_vm_scan_since + - description: Purge compliance hosts not scanned since the defined date and time. + name: no_compliance_scan_since + - description: The type of data to purge. Specify “vm” to purge vulnerability data, specify “pc” to purge compliance data, or specify both as a comma-separated list to purge both types of data + name: data_scope + - description: This parameter is valid only when the policy compliance module is enabled for the user account. Specify 1 to purge compliance hosts in the user's account. Specify 0 to purge hosts which are not assigned to the PC module. + name: compliance_enabled + auto: PREDEFINED + predefined: + - "0" + - "1" + - description: Purge only hosts that have an operating system matching the defined regular expression. Use “%5E%24” to match an empty string. + name: os_pattern + name: qualys-purge-scan-host-data + outputs: + - contextPath: Qualys.Purge.ID + description: IDs of the hosts queued for purging. + description: Purge hosts in your account to remove the assessment data associated with them. 
+ dockerimage: demisto/python3:3.10.12.63474 runonce: false script: '' subtype: python3 diff --git a/Packs/qualys/Integrations/Qualysv2/README.md b/Packs/qualys/Integrations/Qualysv2/README.md index f813d417accc..921fb7e34d06 100644 --- a/Packs/qualys/Integrations/Qualysv2/README.md +++ b/Packs/qualys/Integrations/Qualysv2/README.md @@ -37,6 +37,7 @@ This integration was integrated and tested with version 2.0 of QualysVulnerabili 33. qualys-report-template-list - Added new parameters, changed outputs. 34. qualys-report-launch-map - changed existing parameters 35. qualys-ip-restricted-manage - New command. +36. qualys-purge-scan-host-data - New command. # Playbooks 1. Vulnerability Management - Qualys (Job) - migrated to work with this new version diff --git a/Packs/qualys/ReleaseNotes/1_2_12.md b/Packs/qualys/ReleaseNotes/1_2_12.md new file mode 100755 index 000000000000..c120cafd3b82 --- /dev/null +++ b/Packs/qualys/ReleaseNotes/1_2_12.md @@ -0,0 +1,9 @@ + +#### Integrations + +##### Qualys v2 +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. + +- Added the new command ***qualys-purge-scan-host-data*** for purging hosts in your account to remove the assessment data associated with them. + +- Updated the arguments in the ***qualys-schedule-scan-create*** command. diff --git a/Packs/qualys/pack_metadata.json b/Packs/qualys/pack_metadata.json index 88f85d52fe1f..c4420bbfe24b 100644 --- a/Packs/qualys/pack_metadata.json +++ b/Packs/qualys/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Qualys", "description": "Qualys Vulnerability Management let's you create, run, fetch and manage reports, launch and manage vulnerability and compliance scans, and manage the host assets you want to scan for vulnerabilities and compliance", "support": "xsoar", - "currentVersion": "1.2.11", + "currentVersion": "1.2.12", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "",
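Review bot: The new `qualys-purge-scan-host-data` command in hunk `@@ -2669,8 +2681,44 @@` removes host assessment data but is declared like any read-only command. The integration schema has a per-command `execution: true` flag for potentially harmful commands, and adding it here would make the platform label the command as such to the analyst. None of the selector arguments (`ids`, `ips`, `ag_ids`, `ag_titles`, …) is marked required either, so the YAML alone does not stop a call with no target. Either enforce at least one selector in the Python argument table or say in the command description that one is mandatory. Minor wording: the `ag_ids` description ends with a comma and the `data_scope` description lacks a final period. The `os_pattern` hint to pass `%5E%24` should be checked against how the client encodes parameters, since an already URL-encoded value may be encoded a second time.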