Cyver Core directly imports XML from Qualys with support for Assets, Scan results, and Scan API results. This includes the VM Parser and the Web App Scanner.
The Qualys Web App Scanner delivers static and dynamic scans, fault injection tests, and discovery scans to help you find potential vulnerabilities. You can manually import these using the Findings Importer or automatically import them via the API.
Qualys Scan XML
Findings Field Mapping
| Field | Values | Example |
| Code | default: auto-generated | |
| Title | <IP > <INFOS> <INFO> <TITLE> <![CDATA[Degree of Randomness of TCP Initial Sequence Numbers]]> </TITLE> </INFO> </INFOS> </IP> | |
| Type | Vulnerability Observation | |
| Assets | <IP value="87.242.186.231" name="host-87-242-186-231.static.onetel.net.uk"> </IP> | |
| Description | ||
| Occurrence | ||
| Labels | ||
| Severity | Info Low Medium High Critical default: Info | <IP> <INFOS> <INFO severity="1"> </INFO> </INFOS> </IP> |
| CVSS20Score | ||
| CVSS20Vector | ||
| CVSS30Score | ||
| CVSS30Vector | ||
| CVSS31Score | ||
| CVSS31Vector | ||
| CVSS40Score | ||
| CVSS40Vector | ||
| Impact | 0 1 2 3 4 5 default: 0 | |
| ImpactDescription | ||
| Likelihood | 0 1 2 3 4 5 default: 0 | |
| LikelihoodDescription | ||
| VulnerabilityTypes | DoS CodeExecution Overflow MemoryCorruption SqlInjection XSS DirectoryTraversal HttpResponseSplitting BypassSomething GainInformation GainPrivileges CSRF FileInclusion | |
| CWEList | for example: CWE-1; CWE-721 | |
| CVEList | for example: CVE-1; CVE-721 | |
| MITRE ATT&CK Techniques | ||
| MITRE ATT&CK Mitigations | ||
| MITRE ATT&CK Tactics | ||
| Controls | ||
| Compliance Status | ||
| Compliance Comment | ||
| BackgroundInformation | ||
| Recommendation | ||
| External References | ||
| Status | Draft PendingFix Fixed ReadyRetest Accepted ToReview Reviewed default: Draft | |
| Evidence Title | <IP name="host-87-242-186-231.static.onetel.net.uk"> </IP> | |
| Evidence Location | ||
| Evidence Version | ||
| Evidence Reproduction | ||
| Evidence Results | <IP> <INFOS> <INFO > <RESULT> <![CDATA[Average change between subsequent TCP initial sequence numbers is 989598136 with a standard deviation of 640041304. These TCP initial sequence numbers were triggered by TCP SYN probes sent to the host at an average rate of 1/(5085 microseconds). The degree of difficulty to exploit the TCP initial sequence number generation scheme is: hard.]]> </RESULT> </INFO> </INFOS> </IP> | |
| Evidence Issue Details |
Qualys Asset XML
Assets Field Mapping
| Field | Values | Example |
| Code | default: auto-generated | |
| Title | <HOST> <VULN_DETAILS> <TITLE> <![CDATA[Enabled Auto User Logon]]> </TITLE> </VULN_DETAILS> </HOST> | |
| Type | Vulnerability Observation | |
| Assets | <HOST> <IP>10.211.55.3</IP> </HOST> | |
| Description | <HOST> <VULN_DETAILS> <THREAT> <![CDATA[Microsoft Windows NT provides a feature called "Automatic logon", which allows a user to automatically log on to his local workstation without entering a password.<P> This feature, while convenient, compromises the physical security of the workstation. Furthermore, it stores the autologin username and password in plaintext in the Windows registry:<BR> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon<P>]]> </THREAT> </VULN_DETAILS> </HOST> | |
| Occurrence | ||
| Labels | ||
| Severity | Info Low Medium High Critical default: Info | <HOST> <VULN_DETAILS> <SEVERITY>1</SEVERITY> </VULN_DETAILS> </HOST> |
| CVSS20Score | <HOST> <VULN_DETAILS> <CVSS_SCORE> <CVSS_BASE source="service">4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)</CVSS_BASE> </CVSS_SCORE> </VULN_DETAILS> </HOST> | |
| CVSS20Vector | <HOST> <VULN_DETAILS> <CVSS_SCORE> <CVSS_BASE source="service">4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)</CVSS_BASE> </CVSS_SCORE> </VULN_DETAILS> </HOST> | |
| CVSS30Score | ||
| CVSS30Vector | ||
| CVSS31Score | ||
| CVSS31Vector | ||
| CVSS40Score | ||
| CVSS40Vector | ||
| Impact | 0 1 2 3 4 5 default: 0 | |
| ImpactDescription | ||
| Likelihood | 0 1 2 3 4 5 default: 0 | |
| LikelihoodDescription | ||
| VulnerabilityTypes | DoS CodeExecution Overflow MemoryCorruption SqlInjection XSS DirectoryTraversal HttpResponseSplitting BypassSomething GainInformation GainPrivileges CSRF FileInclusion | |
| CWEList | for example: CWE-1; CWE-721 | |
| CVEList | for example: CVE-1; CVE-721 | |
| MITRE ATT&CK Techniques | ||
| MITRE ATT&CK Mitigations | ||
| MITRE ATT&CK Tactics | ||
| Controls | ||
| Compliance Status | ||
| Compliance Comment | ||
| BackgroundInformation | ||
| Recommendation | ||
| External References | ||
| Status | Draft PendingFix Fixed ReadyRetest Accepted ToReview Reviewed default: Draft | |
| Evidence Title | ||
| Evidence Location | ||
| Evidence Version | ||
| Evidence Reproduction | ||
| Evidence Results | ||
| Evidence Issue Details |
Qualys Scan API XML
Findings Field Mapping
| Field | Values | Fields |
| Code | default: auto-generated | |
| Title | <QID><TITLE>Cross-Site Scripting</TITLE></QID> | |
| Type | Vulnerability Observation | <QID><CATEGORY>Confirmed Vulnerability</CATEGORY></QID> + <QID><SEVERITY>3</SEVERITY></QID> |
| Assets | <WEBAPP><NAME>Lanvera connect-uat</NAME></WEBAPP> + <WEBAPP><URL>https://connect-uat.lanvera.com</URL></WEBAPP> | |
| Description | <QID><DESCRIPTION>This vulnerability allows...</DESCRIPTION></QID> | |
| Occurrence | ||
| Labels | ||
| Severity | Info Low Medium High Critical default: Info | <QID><SEVERITY>3</SEVERITY></QID> |
| CVSS20Score | <QID><CVSS_BASE>7.5</CVSS_BASE></QID> | |
| CVSS20Vector | ||
| CVSS30Score | <QID><CVSS_V3><BASE>9.8</BASE></CVSS_V3></QID> | |
| CVSS30Vector | ||
| CVSS31Score | ||
| CVSS31Vector | ||
| CVSS40Score | ||
| CVSS40Vector | ||
| Impact | 0 1 2 3 4 5 default: 0 | |
| ImpactDescription | <QID><IMPACT>Attackers can exploit...</IMPACT></QID> | |
| Likelihood | 0 1 2 3 4 5 default: 0 | |
| LikelihoodDescription | ||
| VulnerabilityTypes | DoS CodeExecution Overflow MemoryCorruption SqlInjection XSS DirectoryTraversal HttpResponseSplitting BypassSomething GainInformation GainPrivileges CSRF FileInclusion | |
| CWEList | for example: CWE-1; CWE-721 | <QID><CWE>79,89</CWE></QID> |
| CVEList | for example: CVE-1; CVE-721 | |
| MITRE ATT&CK Techniques | ||
| MITRE ATT&CK Mitigations | ||
| MITRE ATT&CK Tactics | ||
| Controls | ||
| Compliance Status | ||
| Compliance Comment | ||
| BackgroundInformation | ||
| Recommendation | <QID><SOLUTION>Apply input validation...</SOLUTION></QID> | |
| External References | ||
| Status | Draft PendingFix Fixed ReadyRetest Accepted ToReview Reviewed default: Draft | |
| Evidence Title | <PAYLOAD><REQUEST><URL>https://connect-uat.lanvera.com/index.html</URL></REQUEST></PAYLOAD> | |
| Evidence Location | <PAYLOAD><REQUEST><HEADERS><HEADER><key>Host</key><value>connect-uat.lanvera.com</value></HEADER></HEADERS></REQUEST></PAYLOAD> | |
| Evidence Version | ||
| Evidence Reproduction | ||
| Evidence Results | ||
| Evidence Issue Details |
Important Notes & Limitations
- The maximum number of findings that can be imported in a single upload is 5,000 findings.
- If your file exceeds this limit, the import may fail depending on the selected import options (e.g., aggregation settings or filtering by severity).