Automate Qualys Report Analysis & TheHive Case Creation
This n8n workflow seamlessly integrates Qualys with TheHive, automating the tedious process of transferring finished vulnerability reports into actionable security cases. It intelligently filters new reports based on a last-processed timestamp, ensuring you only create cases for relevant, recent findings.
About This Workflow
Manually tracking and creating security cases from Qualys vulnerability reports can be a time-consuming and error-prone task for security operations teams. This powerful n8n workflow eliminates that burden by providing an automated pipeline. It connects directly to your Qualys account, fetches all newly finished reports, and transforms them into structured cases within TheHive. By maintaining a dynamic timestamp, the workflow intelligently avoids reprocessing old reports, ensuring your incident response efforts are always focused on the most current threats and vulnerabilities. Streamline your SecOps workflow and accelerate your response times with this robust integration.
Key Features
- Automated Qualys Report Retrieval: Periodically fetches all completed vulnerability reports from your Qualys account using API integration.
- Intelligent Report Filtering: Prevents duplicate case creation by only processing reports launched after the last workflow execution, thanks to a dynamic timestamp tracking mechanism.
- Seamless TheHive Case Creation: Automatically generates detailed security cases in TheHive for each new Qualys report, including relevant report titles and descriptions.
- Configurable Case Details: Set custom tags (e.g., "Qualys Scan"), TLP (Traffic Light Protocol), and other case parameters for better categorization in TheHive.
- XML to JSON Conversion: Handles Qualys' XML report output by converting it into easily parsable JSON for further processing.
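The filtering and case-mapping steps described in the list above, as an added JavaScript example that is not the workflow's own node code. The field names (REPORT, ID, TITLE, LAUNCH_DATETIME, STATUS.STATE), the numeric TLP value, and the sample data are assumptions made for illustration.

```javascript
// Added example. Field names (REPORT, ID, TITLE, LAUNCH_DATETIME, STATUS.STATE)
// are assumptions about the converted report list, not read from the workflow.

// XML-to-JSON converters emit an object, not an array, when an element occurs
// once; normalise both shapes so a single report is not silently dropped.
function asArray(value) {
  if (value === undefined || value === null) return [];
  return Array.isArray(value) ? value : [value];
}

// Keep finished reports launched strictly after the stored timestamp.
function selectNewReports(reportList, lastProcessedIso) {
  const last = Date.parse(lastProcessedIso);
  // Fail closed: a corrupt stored timestamp must not reprocess everything.
  if (Number.isNaN(last)) throw new Error('invalid last-processed timestamp');
  return asArray(reportList && reportList.REPORT).filter((r) => {
    const launched = Date.parse(r.LAUNCH_DATETIME);
    if (Number.isNaN(launched)) return false; // unparseable launch time: skip
    return Boolean(r.STATUS) && r.STATUS.STATE === 'Finished' && launched > last;
  });
}

// Map one report to the case fields the page names (title, description, tags, tlp).
function toCase(report) {
  return {
    title: `Qualys report: ${report.TITLE}`,
    description: `Report ${report.ID} launched ${report.LAUNCH_DATETIME}`,
    tags: ['Qualys Scan'],
    tlp: 2, // assumed value (TheHive numeric TLP, 2 = AMBER)
  };
}

function buildCases(reportList, lastProcessedIso) {
  return selectNewReports(reportList, lastProcessedIso).map(toCase);
}

// Constructed sample data, not real Qualys output.
const sampleList = { REPORT: [
  { ID: '101', TITLE: 'Weekly External Scan', LAUNCH_DATETIME: '2024-05-01T10:00:00Z', STATUS: { STATE: 'Finished' } },
  { ID: '102', TITLE: 'PCI Segment Scan', LAUNCH_DATETIME: '2024-05-03T08:30:00Z', STATUS: { STATE: 'Finished' } },
  { ID: '103', TITLE: 'DMZ Scan', LAUNCH_DATETIME: '2024-05-03T09:00:00Z', STATUS: { STATE: 'Running' } },
] };
const sampleLast = '2024-05-02T00:00:00Z';
console.log(buildCases(sampleList, sampleLast));
```

Under a launch-time filter as described above, a report launched before the stored timestamp that only finishes afterwards is never selected. Tracking processed report IDs alongside the timestamp closes that gap.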
How To Use
- Set up Qualys API Credential: In n8n, create a new "Qualys API" credential, providing your Qualys username and password.
- Set up TheHive Credential: Create a "TheHive" credential in n8n, specifying your TheHive URL and API Key.
- Configure Timestamp Storage Workflow: Ensure the "Timestamp Storage Qualys" workflow (ID n9Vh6tvRs0Y2y7V9) is present and functioning to track the last processed time. This workflow is called by the main one.
- Review Global Variables: Adjust the base_url in the "Global Variables" node if your Qualys instance differs from the default (https://qualysapi.qg3.apps.qualys.com).
- Customize TheHive Case Details: Modify the "Create Case" node to adjust tags, tlp, description, or other parameters as needed for your TheHive setup.
- Activate Workflow: Once configured, activate the workflow. It can be triggered manually or scheduled for periodic execution.
Workflow JSON
{
"id": "bc0de3e4-7ce4-43fe-a3f9-1071f4f9a301",
"name": "Automate Qualys Report Analysis & TheHive Case Creation",
"nodes": 14,
"category": "DevOps",
"status": "active",
"version": "1.0.0"
}
Note: This is a sample preview. The full workflow JSON contains node configurations, credentials placeholders, and execution logic.
About the Author
N8N_Community_Pick
Curator
Hand-picked high quality workflows from the global community.