Automate Qualys VM Scans & Slack Alerts with n8n

What This Automation Does

This workflow starts a Qualys vulnerability scan automatically when you trigger it in n8n.

It watches the scan progress every 5 minutes and sends Slack messages about status updates.

When the scan finishes, it posts a summary with key details and deletes interim Slack messages to keep the chat clean.

The goal is to save time and avoid mistakes by automating scan launching and reporting.

Who Should Use This Workflow

This workflow is good for security teams or analysts who need to run Qualys scans often.

It helps if scan result delays or manual errors cause problems.

Anyone who wants Slack updates about scan statuses and easy access to reports will benefit.

Tools and Services Used

• Qualys API: To start scans and get scan summaries.
• Slack API: To post messages and updates to a Slack channel.
• n8n Platform: To build and run the workflow automating both APIs.
• XML Node: To convert Qualys XML replies into JSON for easier processing.

Beginner Step-By-Step: How to Use This Workflow in Production in n8n

1. Import Workflow

1. Download the workflow file using the Download button on this page.
2. Open your n8n editor where you want to run the automation.
3. Select “Import from File” and upload the downloaded workflow JSON file.

2. Configure Credentials and Settings

1. Go to each node that requires authentication, like the Qualys API HTTP Request and Slack nodes.
2. Add or select your Qualys API credentials (API key, platform URL).
3. Add or select your Slack API credentials and check Slack channel ID in the “Global Variables & Slack Channel” node.
4. Update any IDs, emails, or folder paths if this workflow uses personalized inputs.

3. Set Scan Details

1. Check the “Demo Data” node for the example scan title, options, and asset groups.
2. Change these values if needed or connect inputs from a Slack modal or another trigger to customize scans dynamically.

4. Test the Workflow

1. Manually run the workflow in the editor or trigger it from a parent workflow to verify everything runs without errors.
2. Check Slack for the notification about scan receipt, progress confirmations, and final summary message.

5. Activate Workflow

1. Once testing succeeds, activate the workflow so it starts running automatically when triggered.
2. If self-hosting n8n, ensure the server is running and connected to the internet for API access. Helpful resource: self-host n8n.

Workflow Inputs, Process, and Outputs

Inputs

• Scan title – name shown in Qualys UI, e.g. “n8n Scan 1”.
• Scan option title – preconfigured scan settings in Qualys.
• Asset groups – targets for scanning, such as “Group1”.
• Qualys platform URL and authentication credentials.
• Slack channel ID and Slack app credentials for messaging.

Processing Steps

• Start vulnerability scan via Qualys API HTTP POST request.
• Convert Qualys XML response to JSON for parsing scan reference.
• Send Slack message confirming scan started.
• Every 5 minutes, fetch scan summary by calling Qualys API again.
• Parse scan status from XML to JSON.
• Loop delays until scan status is ‘FINISHED’.
• Delete initial Slack message to avoid clutter.
• Post final detailed scan summary to Slack with severity counts and report link.

Outputs

• Slack notifications: receipt, progress update, done summary.
• Final scan summary with timings, asset details, vulnerability severities.
• Clean Slack thread by removing interim messages.
• Reduced manual work and faster security cycle.

Customization Ideas

• Change Slack channel ID in the “Global Variables & Slack Channel” node to post elsewhere.
• Modify scan options or asset groups in the “Demo Data” node or link dynamic inputs from UI forms.
• Adjust the 5-minute wait time node for faster or slower scan status polling.
• Rewrite Slack message text for different team tones or more instructions.
• Add nodes after scan finishes to create tickets or send emails automatically.

Troubleshooting Common Issues

• Error 401 Unauthorized: Fix Qualys API credentials in n8n credential manager. Confirm API keys and platform URL.
• No Slack messages: Verify Slack channel ID matches your workspace channel. Check Slack app permission scopes include chat:write.
• Loop never ends: Examine if XML to JSON conversion is correct. Check that the If node filters by scanning status string correctly.

Pre-Production Checklist

• Test Qualys API outside of n8n manually to confirm access.
• Verify Slack app permissions and check channel ID.
• Test the workflow manually first with known inputs.
• Inspect XML to JSON outputs for data structure correctness.
• Simulate scan finishing to ensure loop exit logic.
• Backup workflow JSON and credentials before activating.

Deployment Guide

Enable the Execute Workflow Trigger node to listen for real triggers (like Slack shortcuts). Disable manual triggers to avoid duplicate runs.

Activate the workflow and monitor runs from n8n logs.

If using self-host n8n, keep environment variables secure and maintain regular backups.

Use Slack channels and Qualys dashboards to verify operation. Adjust polling wait time as needed for scan speed.

Summary

✓ Starts and monitors Qualys scans automatically.

✓ Sends timely Slack messages updating scan status.

✓ Posts a full scan summary with results and links.

✓ Deletes cluttering interim Slack messages for clarity.

✓ Saves analyst time and reduces human error.

✓ Easy to customize scan parameters and Slack notifications.