Automated Saving of Qualys Scan Reports to TheHive Workflow
This workflow automatically retrieves completed reports from the Qualys security scanning platform, filters out old reports, processes only the latest reports, and creates cases in TheHive. By executing on an hourly schedule, it ensures that the Security Operations Center has real-time access to vulnerability scanning data, enhancing the automation and efficiency of vulnerability management. This avoids manual operations, enabling rapid response to security incidents and centralized storage of reports for easier subsequent queries and audits.
Key Features and Highlights
This workflow automates the retrieval of completed scan reports from the Qualys security scanning platform, filters out previously processed reports, and creates cases in TheHive only for the latest reports. Corresponding PDF reports are downloaded and automatically uploaded as attachments to their respective cases. Triggered on an hourly schedule, it ensures the Security Operations Center (SOC) has real-time access to the latest vulnerability scan data, thereby enhancing automation and efficiency in vulnerability management.
Core Problems Addressed
- Automates the acquisition of Qualys scan reports, eliminating manual downloading and organization
- Prevents duplicate processing of archived reports by filtering new and old data based on timestamps
- Automatically creates cases in TheHive for unified report management, accelerating security incident response
- Centralizes report storage and archiving for easy future retrieval and auditing
Use Cases
- Automated vulnerability management in Security Operations Centers (SOC)
- Regular collection and archiving of enterprise vulnerability scan reports
- Unified management and tracking of scan results by security incident response teams
- Any organization requiring automatic import of Qualys reports into TheHive for analysis and management
Main Workflow Steps
- Scheduled Trigger: Runs the workflow once every hour to ensure continuous data updates.
- Set Global Variables: Initialize the Qualys API base URL and current timestamp.
- Call Qualys API to Retrieve Report List: Fetch only reports with status “Finished.”
- Convert XML to JSON: Facilitate subsequent data processing.
- Split Report List: Process each report individually.
- Filter Processed Reports: Select only new reports based on the last run timestamp.
- Create TheHive Case for Each New Report: Serve as containers and management units for reports.
- Download Report Content: Obtain the specific PDF report from Qualys.
- Upload Report as Attachment to Corresponding TheHive Case: Link reports with cases for centralized storage.
- Update Timestamp: Record the current processing time to avoid duplicate handling.
- Wait Node: Control request pacing to prevent API rate limiting.
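The filter, case-creation and timestamp steps above can be sketched as follows. This is an added example, not the workflow's own node code: the record fields (ID, TITLE, LAUNCH_DATETIME, OUTPUT_FORMAT, STATUS.STATE), the comparison on launch time, and the case fields (title, description, tags) are assumptions, and the sample list is constructed.

```javascript
// Constructed sample of the report list after the XML-to-JSON step (assumed field names).
const SAMPLE_LIST = [
  { ID: "1001", TITLE: "Weekly external scan", OUTPUT_FORMAT: "PDF",
    LAUNCH_DATETIME: "2024-05-01T09:15:00Z", STATUS: { STATE: "Finished" } },
  { ID: "1002", TITLE: "DMZ scan", OUTPUT_FORMAT: "PDF",
    LAUNCH_DATETIME: "2024-05-01T10:40:00Z", STATUS: { STATE: "Finished" } },
  { ID: "1003", TITLE: "Internal scan", OUTPUT_FORMAT: "PDF",
    LAUNCH_DATETIME: "2024-05-01T10:55:00Z", STATUS: { STATE: "Running" } },
  { ID: "1004", TITLE: "Bad record", OUTPUT_FORMAT: "PDF",
    LAUNCH_DATETIME: "not-a-date", STATUS: { STATE: "Finished" } },
];

// XML-to-JSON conversion can yield a bare object instead of an array
// when the list holds a single report, so normalise before iterating.
function toArray(value) {
  if (value === undefined || value === null) return [];
  return Array.isArray(value) ? value : [value];
}

// Keep finished reports launched after the last run. Records whose timestamp
// cannot be parsed are returned separately instead of being silently dropped.
function selectNewReports(reportList, lastRunIso) {
  const lastRun = Date.parse(lastRunIso);
  if (Number.isNaN(lastRun)) throw new Error("invalid last-run timestamp");
  const fresh = [];
  const rejected = [];
  for (const r of toArray(reportList)) {
    if (!r.STATUS || r.STATUS.STATE !== "Finished") continue;
    const launched = Date.parse(r.LAUNCH_DATETIME);
    if (Number.isNaN(launched)) { rejected.push(r.ID); continue; }
    if (launched > lastRun) fresh.push(r);
  }
  return { fresh, rejected };
}

// Plan one run: the case payloads to create, plus the watermark to store once
// the uploads succeed. The watermark is the time captured at the start of the
// run (the global variable step), not the time the run ends.
function planRun(reportList, lastRunIso, runStartIso) {
  const { fresh, rejected } = selectNewReports(reportList, lastRunIso);
  const cases = fresh.map((r) => ({
    title: `Qualys report ${r.ID}: ${r.TITLE}`,
    description: `Launched ${r.LAUNCH_DATETIME}, format ${r.OUTPUT_FORMAT}`,
    tags: ["qualys", `qualys-report:${r.ID}`],
  }));
  return { cases, rejected, nextWatermark: runStartIso };
}
```

Tagging each case with the report ID gives a second key to check for an existing case if the stored timestamp is ever lost or reset.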
Involved Systems or Services
- Qualys: Source of vulnerability scan reports, accessed via API.
- TheHive: Security incident response platform used for case creation and report management.
- n8n Automation Platform: Orchestrates the steps to enable automated workflow scheduling and execution.
Target Users and Value
- Security Operations Teams: Enhance automation in vulnerability management and reduce manual workload.
- Security Incident Responders: Quickly consolidate scan data for streamlined case tracking and handling.
- IT Operations and Compliance Teams: Achieve systematic archiving and auditing of scan reports.
- Any organization seeking automated collection and management of Qualys reports to improve efficiency and data accuracy.
This workflow example demonstrates how to leverage n8n’s powerful automation capabilities combined with Qualys and TheHive security tools to achieve end-to-end automated report collection, case management, and archiving—significantly boosting vulnerability management and security response efficiency. Deploy now to empower your security operations with intelligent automation.