Automate Qualys Scans & Reports via Slack with n8n

What this workflow does

This workflow connects Slack with Qualys to let users start vulnerability scans and create reports directly from Slack.
It removes the need to log into Qualys manually, saving time and reducing errors.
Users can open Slack modals to enter scan or report details and get instant feedback inside Slack.
The workflow then calls Qualys APIs to run scans or generate reports automatically.
It helps security teams work faster and avoid missing risks.

Who should use this workflow

Security operations teams who use Qualys for vulnerability management and want to simplify their tasks.
Slack users who want to launch scans and reports without leaving their chat app.
Anyone who spends too much time switching between browsers and copying data for scan tasks.
Users with access to Qualys API and Slack admin rights to install apps.

Tools and services used

• Slack: Used for user interaction and showing modals inside the workspace.
• Qualys Vulnerability Management API: Triggers scans and generates reports.
• n8n Automation Platform: Runs the workflow, connects Slack events to Qualys API calls.
• OAuth credentials: Needed for Slack app authentication.

Workflow inputs, processing, and outputs

Inputs

• User Slack interactions such as slash commands or button presses.
• Scan configuration data (scan title, option profile, asset groups) entered in Slack modals.
• Report parameters like template, title, and format selected via Slack.

Processing steps

• Webhook node receives Slack events via HTTP POST.
• Payload is extracted and parsed to identify command type.
• Switch node routes events to correct branches: vulnerability scan or report.
• HTTP Request nodes open Slack modal popups for user input.
• Modal responses are handled and modal windows are closed with appropriate status.
• Input data is extracted to set variables for Qualys API calls.
• Sub-workflows run to start scans or create reports using Qualys API.
• Slack messages optionally confirm scan or report status.

Outputs

• Slack modals for easy user input.
• Qualys vulnerability scans initiated with user parameters.
• Scan reports generated in requested formats.
• Instant Slack feedback messages confirming actions.

Beginner step-by-step: How to build this in n8n

Import and setup

1. Use the Download button on this page to get the workflow file.
2. Open the n8n editor and select “Import from File” to add this workflow.
3. After import, open the workflow and add all necessary credentials:
   • Slack OAuth credentials for the Slack nodes.
   • Qualys API Key or credentials for API calls.

4. Update any IDs, emails, channels, or folder names in the nodes if the defaults don’t match your setup.

Testing and activation

5. Test the workflow by triggering the Slack commands or button events to confirm modals open and inputs flow correctly.
6. Verify that scans or report generation runs successfully via sub-workflows.
7. Once tested, activate the workflow by switching it from draft to active mode.
8. Monitor run history in n8n for errors and fix any issues before full production use.

For users running self-host n8n, ensure the webhook URLs are publicly reachable for Slack integration.

Customization ideas

• Add fields in Slack modals for scheduling scans or filtering reports.
• Include Slack notification messages after scans or reports finish.
• Post results to different Slack channels based on user input.
• Fetch asset groups dynamically from Qualys to populate modal dropdowns.

Handling errors and edge cases

• If Slack shows “invalid_auth” error, check OAuth token and Slack app permissions.
• If webhook doesn’t trigger, confirm webhook URL and HTTP method are correct in Slack event settings.
• If Qualys API calls fail, verify all parameters match API requirements and test sub-workflows alone.
• Repeated or duplicate scans can happen if modal inputs are sent twice. Implement safeguards if needed.

Summary and results

✓ Users start vulnerability scans and request reports with just a few clicks in Slack.
✓ Manual steps and mistakes are reduced significantly.
✓ Security teams save 6-8 hours weekly on scan and report management.
✓ Clear Slack messages keep users informed in real time.
✓ Workflow adapts easily for scanning or reporting needs.