Qualys Fetch Vulnerabilities - Include all vulnerabilities on assets #36748

Contributor

@johnnywilkes johnnywilkes commented Oct 15, 2024

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

  • [] In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

https://jira-dc.paloaltonetworks.com/browse/EXPANDR-10862

Description

Proposed change is making sure we not only pull Qualys vulnerabilities modified in the last 90 days but also those that are affecting assets that haven’t been modified in the last 90 days. This is to make sure this isn’t a breaking change.
How we do this:

  1. Every time assets are pulled create a list of vulnerabilities (QIDs) we see on them.
  2. Deduplicate this list.
  3. Add the list to getAssetsLastRun()
  4. When we look up vulnerabilities, first do the call to pull all vulnerabilities modified in last 90 days and create list of these QIDs
  5. Compare list from steps 3 and 4 and deduplicate (create a list of QIDs found on assets that haven’t been modified for last 90 days)
  6. 2nd API call to pull these vulnerabilities that hadn’t been pulled before
  7. Send full list of vulnerabilities to XSIAM

Must have

  • Tests
  • Documentation
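
The seven-step fetch flow in the description above, sketched as an added example that is not code from this pull request or from the Qualysv2 integration. It runs on constructed in-memory data; `fetch_modified_since`, `fetch_by_qids`, the `asset_qids` last-run key and the batch size are hypothetical stand-ins for the integration's real API calls and state.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data, not real Qualys output: QID -> last-modified time.
NOW = datetime(2024, 10, 15, tzinfo=timezone.utc)
KNOWLEDGE_BASE = {
    "38170": NOW - timedelta(days=10),
    "105943": NOW - timedelta(days=30),
    "90007": NOW - timedelta(days=400),
    "11827": NOW - timedelta(days=900),
}
# Constructed asset records, each listing the QIDs detected on that host.
ASSETS = [
    {"id": "host-1", "qids": ["38170", "90007"]},
    {"id": "host-2", "qids": ["90007", "11827", "38170"]},
]

def collect_asset_qids(assets):
    """Steps 1-2: QIDs seen on assets, deduplicated, first-seen order kept."""
    return list(dict.fromkeys(q for a in assets for q in a["qids"]))

def fetch_modified_since(kb, since):
    """Hypothetical stand-in for the first call (step 4)."""
    return {q: ts for q, ts in kb.items() if ts >= since}

def fetch_by_qids(kb, qids, batch_size=2):
    """Hypothetical stand-in for the second call (step 6), sent in batches."""
    found = {}
    for i in range(0, len(qids), batch_size):
        batch = qids[i:i + batch_size]
        found.update({q: kb[q] for q in batch if q in kb})
    return found

def fetch_vulnerabilities(kb, last_run, now, window_days=90):
    recent = fetch_modified_since(kb, now - timedelta(days=window_days))
    # Step 5: QIDs present on assets but absent from the time-windowed pull.
    missing = [q for q in last_run.get("asset_qids", []) if q not in recent]
    older = fetch_by_qids(kb, missing) if missing else {}
    return {**recent, **older}, missing  # step 7: full set to send

def run():
    last_run = {"asset_qids": collect_asset_qids(ASSETS)}  # step 3
    return fetch_vulnerabilities(KNOWLEDGE_BASE, last_run, NOW)

if __name__ == "__main__":
    vulns, missing = run()
    print("only reachable via second call:", missing)
    print("sent:", sorted(vulns))
```

In the sample data, two of the three QIDs present on hosts fall outside the 90-day window, which is the coverage gap the second call closes.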

@johnnywilkes
Contributor Author

@ShirleyDenkberg , please review when possible

@ShirleyDenkberg
Contributor

@aaron1535 Doc review completed.

Contributor

@aaron1535 aaron1535 left a comment


Hi @johnnywilkes
Thank you for your contribution.
Nice job!
Please correct my comment and we can merge

Packs/qualys/Integrations/Qualysv2/Qualysv2.py Outdated
@johnnywilkes
Contributor Author

@aaron1535 , thank you. Merge when possible, please

@aaron1535 aaron1535 merged commit 868c64b into demisto:contrib/PaloAltoNetworks_UVEM-QUALYS Oct 30, 2024
13 checks passed

Thank you for your contribution. Your external PR has been merged and the changes are now included in an internal PR for further review. The internal PR will be merged to the master branch within 3 business days.

Labels
Community Contribution Form Filled Whether contribution form filled or not. Contribution Thank you! Contributions are always welcome! docs-approved External PR Xsoar Support Level Indicates that the contribution is for XSOAR supported pack