Automate report generation with ManualTrigger, fetching and processing Qualys reports every hour. This workflow filters out already processed reports, creates cases in TheHive for new findings, and attaches relevant reports, ensuring efficient vulnerability management and timely updates for security operations.
This workflow is ideal for Security Operations Centers (SOCs), IT security teams, and vulnerability management professionals who need to automate the retrieval and organization of security reports from Qualys into TheHive. It is particularly useful for organizations that manage multiple security reports and require timely updates to maintain their security posture.
This workflow addresses the challenge of manual report handling by automating the process of fetching, filtering, and organizing Qualys reports. It ensures that only newly generated reports are processed, thereby preventing duplicates and enhancing the efficiency of vulnerability management efforts. By creating cases in TheHive for each report, it streamlines the tracking and response to vulnerabilities.
base_url and newtimestamp to ensure the workflow operates with up-to-date configurations.
2. Fetch Reports from Qualys: Sends a GET request to the Qualys API to retrieve reports that are in a Finished state, ensuring timely updates.
3. Convert XML to JSON: Transforms the XML response from Qualys into JSON format for easier manipulation.
4. Filter Reports: Checks the timestamps of the reports against a stored timestamp to identify which reports are newer and have not yet been processed.
5. Process Each Report: Loops through the filtered reports, ensuring each is handled individually for reliability.
6. Create Case in TheHive: Generates a new case in TheHive for every new report, serving as a container for the report data.
7. Download and Attach Report: Downloads each report from Qualys and attaches it to the corresponding case in TheHive, ensuring all relevant data is consolidated in one location.
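The convert-and-filter steps above (3 to 5) can be sketched as follows. This is an added example, not the workflow's own node code: the XML element names, the choice of LAUNCH_DATETIME as the compared field, and the helper names are assumptions, and the sample response is constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample. Element names are assumed, modelled on a Qualys
# report-list response; adjust the paths to what your API returns.
SAMPLE_XML = """<REPORT_LIST_OUTPUT><RESPONSE><REPORT_LIST>
  <REPORT><ID>101</ID><TITLE>Weekly external</TITLE>
    <LAUNCH_DATETIME>2024-05-01T08:00:00Z</LAUNCH_DATETIME>
    <STATUS><STATE>Finished</STATE></STATUS></REPORT>
  <REPORT><ID>102</ID><TITLE>PCI segment</TITLE>
    <LAUNCH_DATETIME>2024-05-01T09:30:00Z</LAUNCH_DATETIME>
    <STATUS><STATE>Finished</STATE></STATUS></REPORT>
  <REPORT><ID>103</ID><TITLE>Internal servers</TITLE>
    <LAUNCH_DATETIME>2024-05-01T10:00:00Z</LAUNCH_DATETIME>
    <STATUS><STATE>Running</STATE></STATUS></REPORT>
  <REPORT><ID>104</ID><TITLE>DMZ hosts</TITLE>
    <LAUNCH_DATETIME>2024-05-01T09:00:00Z</LAUNCH_DATETIME>
    <STATUS><STATE>Finished</STATE></STATUS></REPORT>
</REPORT_LIST></RESPONSE></REPORT_LIST_OUTPUT>"""

def parse_ts(value):
    # Map a trailing "Z" to an explicit offset so older Pythons accept it.
    return datetime.fromisoformat(value.strip().replace("Z", "+00:00"))

def select_new_reports(xml_text, last_seen):
    """Return (new Finished reports oldest-first, next newtimestamp)."""
    fresh = []
    for rep in ET.fromstring(xml_text).iter("REPORT"):
        state = rep.findtext("STATUS/STATE", default="").strip()
        launched = rep.findtext("LAUNCH_DATETIME")
        if state != "Finished" or not launched:
            continue  # unfinished or malformed entries never become cases
        ts = parse_ts(launched)
        if ts > last_seen:  # strict: the report at the watermark is already done
            fresh.append({"id": rep.findtext("ID"),
                          "title": rep.findtext("TITLE"),
                          "launched": ts})
    fresh.sort(key=lambda r: r["launched"])
    # Advance the stored timestamp only when something new was selected.
    watermark = fresh[-1]["launched"] if fresh else last_seen
    return fresh, watermark

if __name__ == "__main__":
    stored = parse_ts("2024-05-01T08:00:00Z")  # plays the role of newtimestamp
    reports, mark = select_new_reports(SAMPLE_XML, stored)
    for r in reports:
        print(r["id"], r["title"], r["launched"].isoformat())
    print("next newtimestamp:", mark.isoformat())
```

If the comparison uses launch time as assumed here, a report that is still running when a later-launched one finishes falls behind the new watermark and is skipped on the next run; tracking processed report IDs alongside the timestamp closes that gap.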
To customize this workflow:
- Modify Global Variables: Adjust the base_url to match your Qualys API endpoint.
- Change Filtering Logic: Alter the conditions in the filter node to fit your organization’s report processing requirements.
- Edit Case Fields: Customize the fields in the Create Case node to include additional information relevant to your reporting needs.
- Adjust Scheduling: Change the schedule trigger settings to modify how frequently the workflow runs (e.g., every hour, every day).
- Add Additional Processing Steps: Integrate more nodes for further processing or notifications as needed.