What this workflow does
This workflow lets you control Qualys vulnerability scans and generate reports using Slack commands.
The main problem it solves is saving time and avoiding mistakes from manual scanning and reporting.
It changes hours of work into minutes by automating scan triggers and report creation inside Slack.
You get scan results or reports posted directly into your Slack channels fast and reliably.
Who should use this workflow
This is for security analysts managing vulnerabilities at companies.
Users who want to stop manually triggering scans or sharing reports and avoid errors.
Also good for teams wanting faster security communication without switching apps.
Tools and services used
- n8n automation platform: Runs the workflow and connects APIs.
- Slack API: Receives shortcut commands, shows modals, and posts messages.
- Qualys API: Launches vulnerability scans and creates scan reports.
How this workflow works: Inputs, Processing, and Output
Inputs
- Slack shortcut actions from users inside Slack.
- User input in Slack modals like scan title, asset groups, report template.
Processing Steps
- Webhook node listens for incoming Slack interactions.
- Set node (Parse Webhook) extracts Slack payload data to parse parameters.
- Switch node (Route Message) directs flow based on interaction type.
- Respond immediately to Slack with Respond to Webhook node to avoid timeouts.
- Show Slack modals with HTTP Request node calling Slack’s views.open API, collecting scan or report settings.
- Close modal and acknowledge submission with Respond to Webhook node sending 204 response.
- Set node collects and prepares variables from modal input for use in sub-workflows.
- Call Execute Workflow nodes to run Qualys scan or report jobs using API.
- Post scan results or report files back to specified Slack channels via API.
Output
- Scan initiation confirmation messages.
- Detailed scan reports uploaded and shared inside Slack channels.
- Reduced manual workload and faster vulnerability information sharing.
Beginner step-by-step: How to build this in n8n
Importing the workflow
- Click the Download button on this page to save the workflow file.
- Open the n8n editor where you want to use the workflow.
- Choose Import from File and select the downloaded workflow.
Configure credentials
- Add your Slack API credentials with required permissions.
- Enter your Qualys API credentials with scan and report rights.
Update workflow properties
- Check IDs for Slack channels in notification nodes and update if needed.
- Verify any static URLs for Qualys API point to your environment.
Test and activate
- Run the workflow manually or trigger a Slack shortcut to test.
- Confirm modals open and scans or reports run correctly.
- Activate the workflow to run automatically.
If self hosting n8n, see self-host n8n for deployment options.
Customization ideas
- Change Slack channels to send scan or report notifications.
- Add fields in the Slack scan modal for severity or scheduling options.
- Include more report output formats like JSON or TXT in the report modal.
- Modify Qualys API URLs in the workflow for different regions or environments.
Common failures and fixes
Slack modal not opening or invalid trigger_id error
The trigger_id expires quickly, usually within 3 seconds.
Make sure to call the Slack views.open API fast and use the correct trigger_id from the parsed payload.
Qualys API authentication errors
Wrong API Key or expired token cause failures.
Check Qualys credentials and test API connections manually inside n8n.
Modal submission data not passing correctly
Wrong JSON paths in Set nodes can cause missing data.
Use n8n debug to inspect the payload and fix the field references.
Summary of result and benefits
✓ You save hours of manual work weekly.
✓ The vulnerability scan and report process becomes faster and less error-prone.
✓ Slack becomes a central place to trigger scans and share results.
→ Your security team sees scan data quickly and reliably.