Overview
What is Qualys AI Triage Pack
Qualys AI Triage Pack is a Python application that transforms Qualys CSV exports into a client-ready deliverable by:
Selecting and prioritizing the Top X vulnerabilities (with an LLM-based rationale)
Generating a technical report (evidence, remediation guidance, and structured findings)
Generating a descriptive/executive-friendly narrative (plain-language explanation)
Rendering the final output as a static HTML report (with CSS/assets)
Optionally sending notifications and pushing run data to integrations (Slack, email, OpenSearch, etc.)
Inputs
One or more Qualys CSV files placed in the configured input directory (default: Insumos/Reports/).
The application processes files using a configurable glob pattern (for example: *.csv).
Outputs
For each input CSV, the pipeline creates an output folder under output/<csv_name>/ containing:
index.html: the generated report (technical + descriptive)
assets/: CSS, branding assets (logo), and other static resources
run.json: optional execution metadata (when enabled)
High-level pipeline
Configuration (at a glance)
Configuration lives in config/config.yaml and is typically created from config/config.example.yaml.
Common settings include:
Input: directory, glob, delimiter/encoding
Output: output directory and naming
Selection: Top X and constraints (avoid duplicates, diversify by host, etc.)
LLM: model, temperature, token limits, timeouts, retries
Rendering: theme, templates, branding (logo)
Notifications/integrations: Slack, email, OpenSearch, Metabase, etc.
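The selection constraints listed above (Top X, avoid duplicates, diversify by host) can be pictured as a deterministic filter like the one below. This is an added example, not the project's own code and not its LLM-based prioritization; the column names (IP, QID, Title, Severity), the per-host cap, the function names and the sample rows are assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample rows (documentation-range IPs, made-up QIDs and titles).
SAMPLE_CSV = """IP,QID,Title,Severity
192.0.2.5,900010,Constructed finding D,2
192.0.2.5,900001,Constructed finding A,5
192.0.2.5,900001,Constructed finding A,5
192.0.2.5,900002,Constructed finding B,4
192.0.2.5,900003,Constructed finding C,4
192.0.2.9,900001,Constructed finding A,5
192.0.2.9,900010,Constructed finding D,2
192.0.2.12,900004,Constructed finding E,3
"""


def load_rows(text, delimiter=","):
    """Parse CSV text into a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text), delimiter=delimiter))


def select_top(rows, top_x, max_per_host=2):
    """Pick up to top_x findings, highest severity first.

    Constraints: no repeated (IP, QID) pair, and at most max_per_host
    findings per host so a single noisy host cannot fill the whole list.
    """
    # sorted() is stable, so rows with equal severity keep their file order.
    ranked = sorted(rows, key=lambda r: int(r["Severity"]), reverse=True)
    seen, per_host, picked = set(), Counter(), []
    for row in ranked:
        key = (row["IP"], row["QID"])
        if key in seen or per_host[row["IP"]] >= max_per_host:
            continue  # duplicate finding, or this host already hit its cap
        seen.add(key)
        per_host[row["IP"]] += 1
        picked.append(row)
        if len(picked) == top_x:
            break
    return picked


if __name__ == "__main__":
    for r in select_top(load_rows(SAMPLE_CSV), top_x=4):
        print(r["IP"], r["QID"], r["Severity"], r["Title"])
```

Without the per-host cap, the same sample would put three findings from 192.0.2.5 in the top four and leave 192.0.2.12 out entirely.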
Language support (i18n)
The pipeline supports multiple languages for:
Report labels and UI strings
Email templates
CLI messages
LLM-generated text (the LLM is instructed to answer in the effective language)
Set the language via app.language (for example en-US, pt-BR, es, fr, de, ja, ko).