
vuln.qualys

Introduction

Tags beginning with vuln.qualys identify events generated by Qualys.

Valid tags and data tables

The full tag must have four levels. The first two are fixed as vuln.qualys. The third level identifies the type of events sent. The fourth level identifies the event subtype.

Product / Service

Tags

Data tables


Qualys

vuln.qualys.hostdetections

This source tag is used in collector versions lower than 1.5.0.

vuln.qualys.hostdetections

vuln.qualys.hostdetections.xml

vuln.qualys.hosts

vuln.qualys.hosts

vuln.qualys.useractivitylog

vuln.qualys.useractivitylog

vuln.qualys.vulnerabilities

vuln.qualys.vulnerabilities

How is the data sent to Devo?

To send logs to these tables, Devo uses a collector that retrieves the required events and sends them to your Devo domain. Contact us to start sending your logs to Devo using the collector.

Table structure

These are the fields displayed in these tables:

vuln.qualys.hostdetections

| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| host_id | str | | | |
| asset_id | str | | | |
| ip | ip4 | | | |
| tracking_method | str | | | |
| network_id | str | | | |
| os | str | | | |
| os_cpe | str | | | |
| dns | str | | | |
| dns_hostname | str | | | |
| dns_domain | str | | | |
| dns_fqdn | str | | | |
| cloud_provider | str | | | |
| cloud_service | str | | | |
| cloud_resource_id | str | | | |
| ec2_instance_id | str | | | |
| netbios | str | | | |
| qg_host_id | str | | | |
| last_scan_datetime | timestamp | | | |
| last_vm_scanned_date | timestamp | | | |
| last_vm_scanned_duration | float8 | | | |
| last_vm_auth_scanned_date | timestamp | | | |
| last_vm_auth_scanned_duration | float8 | | | |
| last_pc_scanned_date | timestamp | | | |
| tag_ids | str | join(tag_ids_array, "\|\|\|") | tag_ids_array | |
| tag_names | str | join(tag_names_array, "\|\|\|") | tag_names_array | |
| tag_colors | str | join(tag_colors_array, "\|\|\|") | tag_colors_array | |
| tag_background_colors | str | | tag_background_colors_array | |
| metadata__ec2__attribute | str | | metadata__ec2__attribute_array | |
| metadata__google__attribute | str | | metadata__google__attribute_array | |
| metadata__azure__attribute | str | | metadata__azure__attribute_array | |
| cloud_tag_names | str | | cloud_tag_names_array | |
| cloud_tag_values | str | | cloud_tag_values_array | |
| cloud_tag_last_success_date | str | | cloud_tag_last_success_date_array | |
| detection_unique_vuln_id | str | | | |
| detection_qid | str | | | |
| detection_type | str | | | |
| detection_severity | str | | | |
| detection_port | str | | | |
| detection_protocol | str | | | |
| detection_fqdn | str | | | |
| detection_ssl | str | | | |
| detection_instance | str | | | |
| detection_results | str | | | |
| detection_status | str | | | |
| detection_first_found_datetime | timestamp | | | |
| detection_last_found_datetime | timestamp | | | |
| detection_times_found | int8 | | | |
| detection_last_test_datetime | timestamp | | | |
| detection_last_update_datetime | timestamp | | | |
| detection_last_fixed_datetime | timestamp | | | |
| detection_first_reopened_datetime | timestamp | | | |
| detection_last_reopened_datetime | timestamp | | | |
| detection_times_reopened | int8 | | | |
| detection_service | str | | | |
| detection_is_ignored | int8 | | | |
| detection_is_disabled | int8 | | | |
| detection_affect_running_kernel | str | | | |
| detection_affect_running_service | str | | | |
| detection_affect_exploitable_config | str | | | |
| detection_last_processed_datetime | timestamp | | | |
| rawMessage | str | | | ✓ |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |

vuln.qualys.hosts

| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| host_id | str | | | |
| asset_id | str | | | |
| ip | ip4 | | | |
| tracking_method | str | | | |
| network_id | str | | | |
| dns | str | | | |
| dns_hostname | str | | | |
| dns_domain | str | | | |
| dns_fqdn | str | | | |
| cloud_provider | str | | | |
| cloud_service | str | | | |
| cloud_resource_id | str | | | |
| ec2_instance_id | str | | | |
| netbios | str | | | |
| os | str | | | |
| qg_hostid | str | | | |
| last_boot | timestamp | | | |
| serial_number | str | | | |
| hardware_uuid | str | | | |
| last_activity | timestamp | | | |
| agent_status | str | | | |
| cloud_agent_running_on | str | | | |
| tag_ids | str | | tag_ids_array | |
| tag_names | str | | tag_names_array | |
| metadata__ec2__attribute | str | | metadata__ec2__attribute_array | |
| metadata__google__attribute | str | | metadata__google__attribute_array | |
| metadata__azure__attribute | str | | metadata__azure__attribute_array | |
| cloud_tag_names | str | | cloud_tag_names_array | |
| cloud_tag_values | str | | cloud_tag_values_array | |
| cloud_tag_last_success_date | str | | cloud_tag_last_success_date_array | |
| last_vuln_scan_datetime | timestamp | | | |
| last_vm_scanned_date | timestamp | | | |
| last_vm_scanned_duration | int8 | | | |
| last_vm_auth_scanned_date | timestamp | | | |
| last_vm_auth_scanned_duration | int8 | | | |
| last_compliance_scan_datetime | timestamp | | | |
| last_scap_scan_datetime | timestamp | | | |
| owner | str | | | |
| comments | str | | | |
| user_def_value1 | str | | | |
| user_def_value2 | str | | | |
| user_def_value3 | str | | | |
| asset_group_ids | str | | | |
| rawMessage | str | | | ✓ |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |

vuln.qualys.useractivitylog

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| date | timestamp | |
| action | str | |
| module | str | |
| details | str | |
| user_name | str | |
| user_role | str | |
| user_ip | ip4 | |
| rawMessage | str | ✓ |
| hostchain | str | ✓ |
| tag | str | ✓ |

vuln.qualys.vulnerabilities

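| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| ip | ip4 | |
| dns | str | |
| netbios | str | |
| os | str | |
| ip_status | str | |
| qid | int4 | |
| title | str | |
| type | str | |
| severity | str | |
| port | str | |
| protocol | str | |
| fqdn | str | |
| ssl | str | |
| cve_id | str | |
| vendor_reference | str | |
| bugtraq_id | str | |
| cvss_base | str | |
| cvss_temporal | str | |
| cvss3_base | str | |
| cvss3_temporal | str | |
| threat | str | |
| impact | str | |
| solution | str | |
| exploitability | str | |
| associated_malware | str | |
| results | str | |
| pci_vuln | str | |
| instance_str | str | |
| category | str | |
| scan_reference | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |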