> For the complete documentation index, see [llms.txt](https://miyabi-threatworks.gitbook.io/miyabi-threatworks-docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://miyabi-threatworks.gitbook.io/miyabi-threatworks-docs/qualys-ai-triage-pack/overview.md).

# Overview

## What is **Qualys AI Triage Pack**

**Qualys AI Triage Pack** is a Python application that transforms **Qualys CSV exports** into a client-ready deliverable by:

* Selecting and prioritizing the **Top X** vulnerabilities (with an LLM-based rationale)
* Generating a **technical report** (evidence, remediation guidance, and structured findings)
* Generating a **descriptive/executive-friendly narrative** (plain-language explanation)
* Rendering the final output as a **static HTML report** (with CSS/assets)
* Optionally sending **notifications** and pushing run data to integrations (Slack, email, OpenSearch, etc.)
* Package link: [Qualys AI Triage Pack](https://miyabithreatworks.gumroad.com/l/qualys-ai-triage-pack)

## Inputs

* One or more **Qualys CSV** files placed in the configured input directory (default: `Insumos/Reports/`).

> The application processes files using a configurable glob pattern (for example: `*.csv`).

## Outputs

For each input CSV, the pipeline creates an output folder under `output/<csv_name>/` containing:

* `index.html`: the generated report (technical + descriptive)
* `assets/`: CSS, branding assets (logo), and other static resources
* `run.json`: optional execution metadata (when enabled)

## High-level pipeline

{% stepper %}
{% step %}

### Ingestion

Parse and normalize Qualys CSV rows into an internal domain model.
{% endstep %}

{% step %}

### Aggregation

Group related rows into vulnerability aggregates (per QID / asset / etc.).
{% endstep %}

{% step %}

### Selection / prioritization

Apply constraints (for example diversification by host) and choose the **Top X** items.
{% endstep %}

{% step %}

### LLM enrichment

Generate rationales and report sections using the configured OpenAI model.
{% endstep %}

{% step %}

### Report generation

Build technical + descriptive sections and render with Jinja templates.
{% endstep %}

{% step %}

### Rendering

Write the HTML report and copy assets into the output directory.
{% endstep %}

{% step %}

### Notifications & integrations (optional)

Publish events, send Slack/email, or push datasets depending on config.
{% endstep %}
{% endstepper %}

## Configuration (at a glance)

Configuration lives in `config/config.yaml` and is typically created from `config/config.example.yaml`.

Common settings include:

* **Input**: directory, glob, delimiter/encoding
* **Output**: output directory and naming
* **Selection**: Top X and constraints (avoid duplicates, diversify by host, etc.)
* **LLM**: model, temperature, token limits, timeouts, retries
* **Rendering**: theme, templates, branding (logo)
* **Notifications/integrations**: Slack, email, OpenSearch, Metabase, etc.

## Language support (i18n)

The pipeline supports multiple languages for:

* Report labels and UI strings
* Email templates
* CLI messages
* LLM-generated text (the LLM is instructed to answer in the effective language)

Set the language via `app.language` (for example `en-US`, `pt-BR`, `es`, `fr`, `de`, `ja`, `ko`).
