Qualys Security Operations Bot for Slack using n8n

Unlock Streamlined Security Management with this Bot

This n8n workflow acts as a powerful Qualys Security Operations Bot for Slack, empowering your team to manage critical security tasks like vulnerability scanning and report generation directly from your Slack workspace. Forget context switching and navigating complex dashboards for routine actions; this bot brings Qualys capabilities right into your team's communication hub.

Key Abilities & Benefits

• Slack-Powered Vulnerability Scanning: Initiate Qualys vulnerability scans on demand using simple Slack interactions (e.g., slash commands) and interactive modals. Define scan titles, target asset groups, and option profiles without leaving Slack.
• On-the-Fly Security Reporting: Generate detailed Qualys security reports (PDF, HTML, CSV) based on existing scan data. Select report templates, customize titles, and choose output formats through an intuitive Slack modal.
• Seamless Qualys Integration: Connects directly to your Qualys environment by leveraging n8n sub-workflows for core Qualys API interactions (scan initiation, report creation).
• Interactive Slack Modals: Provides a user-friendly interface within Slack for inputting necessary parameters, making complex operations accessible to authorized team members.
• Intelligent Routing & Execution: Efficiently processes Slack commands and modal submissions, routing them to the correct Qualys actions and dedicated sub-workflows.
• Centralized Operations: Reduces the need to switch between multiple platforms, improving focus and response times for security tasks.

• An n8n instance (Cloud or self-hosted).
• Qualys API credentials with necessary permissions for launching scans and generating reports.
• A Slack App set up with a Bot Token, Signing Secret, and permissions for slash commands, interactive components (modals), and posting messages. The Slack App's Request URL for interactivity and slash commands should point to the n8n webhook URL.
• Two pre-configured n8n sub-workflows: one for 'Qualys Start Vulnerability Scan' (referenced by ID pYPh5FlGZgb36xZO in this template) and one for 'Qualys Create Report' (referenced by ID icSLX102kSS9zNdK in this template). These sub-workflows must handle the actual Qualys API calls and be imported into your n8n instance.

1. Download the n8n workflow JSON file for this main bot.
2. Import the workflow into your n8n instance.
3. Locate the 'Webhook' node (named 'Webhook'). Note its Test and Production URLs. Configure your Slack App's slash commands and interactivity features to use this URL as the Request URL.
4. In the 'Vuln Scan Modal' and 'Scan Report Task Modal' (HTTP Request nodes), go to the 'Credentials' section and select or create your Slack API credentials (Bot User OAuth Token).
5. Verify the 'Qualys Start Vulnerability Scan' (Execute Workflow node) and 'Qualys Create Report' (Execute Workflow node). Ensure the workflowId parameter in each node correctly points to YOUR imported and configured Qualys sub-workflows. Update these IDs if your sub-workflow IDs are different.
6. (Sub-workflow setup) Ensure your 'Qualys Start Vulnerability Scan' and 'Qualys Create Report' sub-workflows are correctly configured with Qualys API credentials and any Slack nodes within them are set to post to your desired channels.
7. Customize the Slack modal definitions within the 'Vuln Scan Modal' and 'Scan Report Task Modal' nodes (JSON body) if you need different fields, options, or branding.
8. Review the 'Route Message' and 'Route Submission' (Switch nodes) to understand the routing logic based on Slack callback_id and modal titles. Adjust if necessary.
9. Activate the workflow. Test by triggering the associated Slack slash command or interaction that opens the modals.