Requirements

Report Type: The report must be in a CSV type

Report Rows:  Must include the following columns (in order):

• IP - IP address of the host that the vulnerability was detected on
• DNS - The fully-qualified domain name of the host that the vulnerability was detected on
  • If FQDN is empty in your report, configure the vulnerability integration on IP only.
• Operating System - Operating system of host
• Title - Title and name of the detected vulnerability
• Solution - Remediation information for the vulnerability.
• CVE ID (optional) -  space-separated list of CVEs

See attached example at bottom of article.

Report Structure:

1. The report should include the headers row
2. The report information should be divided into columns (not a single column with all the information inside the cell)

JetPatch Configuration

After you verified that the report is valid for the JetPatch Qualys Vulnerability Scanner, the Vulnerability Parser can be customized.

The JetPatch Vulnerability Parser located in the "conf" folder, usually in /usr/share/tomcat/default/conf/intigua_vulnerability_parser.conf.json

To support the Qualys vulnerability report, replace the "intigua_vulnerability_parser.conf.json" file with the file attached to this article. 

In order to do so perform the next steps - 

1. Download the attached file

2. SSH to JetPatch server

3. Replace intigua_vulnerability_parser.conf.json with the one attached in this KC:

/usr/share/tomcat/default/conf/intigua_vulnerability_parser.conf.json

6. Restart tomcat

service tomcat restart

7. Go to the JetPatch application > Patches Catalog > Vulnerabilities. You should be able to see that there is a "Qualys" report option. Use it to upload your vulnerability scan report.