# Overview

## What is **Qualys AI Triage Pack**

**Qualys AI Triage Pack** is a Python application that transforms **Qualys CSV exports** into a client-ready deliverable by:

* Selecting and prioritizing the **Top X** vulnerabilities (with an LLM-based rationale)
* Generating a **technical report** (evidence, remediation guidance, and structured findings)
* Generating a **descriptive/executive-friendly narrative** (plain-language explanation)
* Rendering the final output as a **static HTML report** (with CSS/assets)
* Optionally sending **notifications** and pushing run data to integrations (Slack, email, OpenSearch, etc.)
* Package link: [Qualys AI Triage Pack](https://miyabithreatworks.gumroad.com/l/qualys-ai-triage-pack)

## Inputs

* One or more **Qualys CSV** files placed in the configured input directory (default: `Insumos/Reports/`).

> The application processes files using a configurable glob pattern (for example: `*.csv`).

## Outputs

For each input CSV, the pipeline creates an output folder under `output/<csv_name>/` containing:

* `index.html`: the generated report (technical + descriptive)
* `assets/`: CSS, branding assets (logo), and other static resources
* `run.json`: optional execution metadata (when enabled)

## High-level pipeline

{% stepper %}
{% step %}

### Ingestion

Parse and normalize Qualys CSV rows into an internal domain model.
{% endstep %}

{% step %}

### Aggregation

Group related rows into vulnerability aggregates (per QID / asset / etc.).
{% endstep %}

{% step %}

### Selection / prioritization

Apply constraints (for example diversification by host) and choose the **Top X** items.
{% endstep %}

{% step %}

### LLM enrichment

Generate rationales and report sections using the configured OpenAI model.
{% endstep %}

{% step %}

### Report generation

Build technical + descriptive sections and render with Jinja templates.
{% endstep %}

{% step %}

### Rendering

Write the HTML report and copy assets into the output directory.
{% endstep %}

{% step %}

### Notifications & integrations (optional)

Publish events, send Slack/email, or push datasets depending on config.
{% endstep %}
{% endstepper %}

## Configuration (at a glance)

Configuration lives in `config/config.yaml` and is typically created from `config/config.example.yaml`.

Common settings include:

* **Input**: directory, glob, delimiter/encoding
* **Output**: output directory and naming
* **Selection**: Top X and constraints (avoid duplicates, diversify by host, etc.)
* **LLM**: model, temperature, token limits, timeouts, retries
* **Rendering**: theme, templates, branding (logo)
* **Notifications/integrations**: Slack, email, OpenSearch, Metabase, etc.

## Language support (i18n)

The pipeline supports multiple languages for:

* Report labels and UI strings
* Email templates
* CLI messages
* LLM-generated text (the LLM is instructed to answer in the effective language)

Set the language via `app.language` (for example `en-US`, `pt-BR`, `es`, `fr`, `de`, `ja`, `ko`).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://miyabi-threatworks.gitbook.io/miyabi-threatworks-docs/qualys-ai-triage-pack/overview.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.