QFlow Lab Supplement


QFlow

Lab Tutorial Supplement


Table of Contents
QFlow UI & Editor
  Simple Data Collection Workflow
    Trigger Node
    Resource & Action Nodes
QFlow & CloudView Integration
  QFlow “CloudView Control” Node
  CSA Custom Control
Launch EC2 Perimeter Scan
  Filter Node
  Data Formatter Node
  Custom Node
  HTTP Node – Add IPs
  HTTP Node – Launch Scan

QFlow UI & Editor
Creating a QFlow begins inside the QFlow editor. Every editor contains a “Trigger” node and other
nodes are available through the Node Explorer.

Simple Data Collection Workflow


The QFLOWS section provides the list of existing QFlows, along with their current status, last
execution date, and any integrated Qualys applications.
This first lab exercise uses a QFlow “Developer” user role to demonstrate the steps to build a simple
“Data Collection” QFlow. A Developer can create and test, but cannot approve or execute QFlows in
a production environment.
Navigate to the following URL to view the “Simple Data Collection QFlow” tutorial:

LAB 1 - https://ior.ad/8vCk

Trigger Node
QFlows can be scheduled to run every hour, day, or week. You can also run QFlows manually via the
“Run” button.

When activated, the “CloudView” trigger will synchronize QFlow runs with CloudView data
collections via Qualys Cloud Connector.

Resource & Action Nodes


Resource nodes provide access to your cloud-based resources and data via the Qualys Cloud
Connector.

Action nodes leverage the services and functions provided by your cloud-based accounts, to take
actions or remediation steps that target account resources.
Qualys Cloud Connector must be configured with both “read” and “write” privileges to support the
use of “Action” nodes.

QFlow & CloudView Integration
While the CSA Control Library covers a wide range of cloud-based applications and services, many
organizations maintain custom applications or applications that are installed and configured in an
unconventional fashion.

The “CloudView Control” node in QFlow provides integration with Qualys CloudView to help you
create custom controls for your unique applications or configurations.
• Step One: Build a QFlow with the “CloudView Control” node to evaluate cloud resources and
then deploy it for integration with Qualys Cloud Security Assessment (CSA).
• Step Two: Build a Custom CSA Control that uses the output provided by a QFlow that has
been deployed.

QFlow “CloudView Control” Node


Once you have selected the data to evaluate, the “CloudView Control” node provides options for
configuring the evaluation criteria and selecting Keys for evidence.

The primary components of the “CloudView Control” node include:
• Target Resource
• Evaluation Criteria
• Evidence Keys
The Evaluation Criteria will determine the PASS/FAIL
status of targeted instances.
The Keys selected as evidence will be included in the
QFlow’s output. Keys are required for the ‘ResourceId’
and ‘DisplayName’ fields.

Navigate to the following URL to view the “QFlow ‘CloudView Control’ Node” tutorial:

LAB 2 - https://ior.ad/8wwb

QFlows that leverage the CloudView Control must first be enabled or deployed, before resource data
is consumed by Qualys Cloud Security Assessment (CSA).

CSA Custom Control


To create a custom control in Qualys CloudView (one that uses the output generated by a QFlow),
navigate to the Controls Library in CloudView and click the “Create Control” button.

Navigate to the following URL to view the “Create Custom CloudView Control” tutorial:

LAB 3 - https://ior.ad/8wwR

The evaluation criteria and evidence have already been defined within the QFlow.

Only QFlows that have been deployed are eligible for selection.

Launch EC2 Perimeter Scan
Discover public facing EC2 instances and add their IPs to your “scannable” subscription. Use Qualys
Internet-based Scanners to launch a scan against the public IPs.

Filter Node
The “Filter” node can filter data from previous nodes in the workflow. Since the “AWS Resource”
node is the only eligible node, it is selected as the “Node data to filter.”

QFlow nodes have different Filter Types including dates, tags, Security Groups, and Network ACLs.
The “Param” filter type allows for conditions that target Key fields in the resource data.
In the example above, the “Key” and “Operator” fields combine to single out EC2 instances that have
a public IP address (i.e., $.PublicIpAddress exists).

Data Formatter Node
While the “Filter” node reduced the number of EC2 instances, the “Data Formatter” node allows you
to tune and filter instance Keys for the QFlow output.

Since all remaining nodes only require the public IP address from each instance, the “Data Formatter”
node filters out all other Key fields.

Custom Node
JavaScript (Node.js) is used to add targeted public IPs to the “Asset” and “Scan” API function calls.

The “Asset” and “Scan” API URLs are already included in the “addIP” and “launchScan” variables.

HTTP Node – Add IPs
Once the “Custom” node constructs the appropriate URL to perform a Qualys API function call, the
“HTTP” node executes the function call via the “Endpoint URI” field.

In the example above, the “HTTP” node does not target a workflow resource. A POST method is
executed. The “Endpoint URI” field holds the “addIp” variable, which provides the “Asset” API function
call URL (with public IPs included).

HTTP Node – Launch Scan


Once the “Custom” node constructs the appropriate URL to perform a Qualys API function call, the
“HTTP” node executes the function call via the “Endpoint URI” field.

In the example above, the “HTTP” node does not target a workflow resource. A POST method is
executed. The “Endpoint URI” field holds the “launchScan” variable, which now provides the “SCAN”
API function call URL (with public IPs included).
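
The Filter, Data Formatter and Custom node steps above, sketched as stand-alone JavaScript with one check the lab text does not describe: each value is validated as a public IPv4 address before it is placed in a URL. This is an added example, not code from the lab or from Qualys; the base URLs are placeholders, the “ips” and “ip” query parameter names and all function names are assumptions, and the instance records are constructed.

```javascript
// Added example. Placeholder base URLs: the lab pre-fills the real ones in
// the "addIP" and "launchScan" variables, which this page does not show.
const ADD_IP_BASE = "https://api.example.invalid/ASSET_API_PLACEHOLDER";
const LAUNCH_SCAN_BASE = "https://api.example.invalid/SCAN_API_PLACEHOLDER";

// Constructed sample of "AWS Resource" node output (documentation-range IPs).
const SAMPLE_INSTANCES = [
  { InstanceId: "i-aaa", PublicIpAddress: "203.0.113.10", State: "running" },
  { InstanceId: "i-bbb", State: "running" },                      // no public IP
  { InstanceId: "i-ccc", PublicIpAddress: "10.0.0.5" },           // private range
  { InstanceId: "i-ddd", PublicIpAddress: "198.51.100.20&x=1" },  // not an address
  { InstanceId: "i-eee", PublicIpAddress: "198.51.100.20" },
  { InstanceId: "i-fff", PublicIpAddress: "203.0.113.10" },       // duplicate
];

// Strict dotted quad: four decimal octets, no leading zeros.
const IPV4 = /^((0|[1-9]\d{0,2})\.){3}(0|[1-9]\d{0,2})$/;

// Accept only IPv4 outside private, loopback, link-local, CGNAT,
// 0.0.0.0/8 and multicast/reserved (>= 224.0.0.0) space.
function isPublicIPv4(text) {
  if (typeof text !== "string" || !IPV4.test(text)) return false;
  const [a, b, c, d] = text.split(".").map(Number);
  if (Math.max(a, b, c, d) > 255) return false;
  if (a === 0 || a === 10 || a === 127 || a >= 224) return false;
  if (a === 100 && b >= 64 && b <= 127) return false;
  if ((a === 169 && b === 254) || (a === 192 && b === 168)) return false;
  return !(a === 172 && b >= 16 && b <= 31);
}

// "Filter" ($.PublicIpAddress exists) then "Data Formatter" (keep one key),
// with validation and de-duplication added before anything reaches a URL.
function collectPublicIps(instances) {
  const ips = instances
    .filter((inst) => inst && inst.PublicIpAddress !== undefined)
    .map((inst) => inst.PublicIpAddress)
    .filter(isPublicIPv4);
  return [...new Set(ips)];
}

// "Custom" node step. Parameter names "ips"/"ip" are assumptions. Returns
// null when no valid IP remains, so no request is built with empty targets.
function buildApiUrls(instances) {
  const ips = collectPublicIps(instances);
  if (ips.length === 0) return null;
  const list = encodeURIComponent(ips.join(","));
  return { ips, addIp: `${ADD_IP_BASE}?ips=${list}`,
           launchScan: `${LAUNCH_SCAN_BASE}?ip=${list}` };
}
```

A null result from buildApiUrls is the signal to stop the workflow before either HTTP node runs.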
