id: 7162903e-e07f-426b-9b07-63b8c7eb77b1 Function: Title: Parser for QualysHostDetection Version: '1.0.1' LastUpdated: '2025-03-28' Category: Microsoft Sentinel Parser FunctionName: QualysHostDetection FunctionAlias: QualysHostDetection FunctionQuery: | union isfuzzy=true ( QualysHostDetection_CL | mv-expand todynamic(Detections_s) | extend Severity_s = tostring(Detections_s.Severity), Status_s = tostring(Detections_s.Status), QID_s = tostring(Detections_s.Results) ), ( QualysHostDetectionV2_CL ) | extend TenantId = column_ifexists('TenantId', ''), SourceSystem = column_ifexists('SourceSystem', ''), MG = column_ifexists('MG', ''), ManagementGroupName = column_ifexists('ManagementGroupName', ''), TimeGenerated = column_ifexists('TimeGenerated', ''), Computer = column_ifexists('Computer', ''), RawData = column_ifexists('RawData', ''), Id = column_ifexists('Id_s', ''), HostId = column_ifexists('HostId_s', ''), HostTags = column_ifexists('HostTags_s', ''), IPAddress = column_ifexists('IPAddress', ''), TrackingMethod = column_ifexists('TrackingMethod_s', ''), OperatingSystem = column_ifexists('OperatingSystem_s', ''), DnsName = column_ifexists('DnsName_s', ''), NetBios = column_ifexists('NetBios_s', ''), QGHostId = column_ifexists('QGHostId_g', ''), LastScanDateTime = column_ifexists('LastScanDateTime_t', ''), LastVMScannedDateTime = column_ifexists('LastVMScannedDateTime_t', ''), LastVMAuthScannedDateTime = column_ifexists('LastVMAuthScannedDateTime_t', ''), QID = column_ifexists('QID_s', ''), SSL = column_ifexists('SSL_s', ''), Status = column_ifexists('Status_s', ''), Ignored = column_ifexists('Ignored_s', ''), Severity = column_ifexists('Severity_s', ''), Disabled = column_ifexists('Disabled_s', ''), LastFixed = column_ifexists('LastFixed_t', ''), LastFound = column_ifexists('LastFound_t', ''), TimesFound = column_ifexists('TimesFound_s', ''), FirstFound = column_ifexists('FirstFound_t', ''), LastUpdate = column_ifexists('LastUpdate_t', ''), Result_column_count = column_ifexists('Result_column_count_d', ''), Results_0 = column_ifexists('Results_0_s', ''), Type = column_ifexists('Type', ''), _ResourceId = column_ifexists('_ResourceId', '') | project TenantId , SourceSystem , MG , ManagementGroupName , TimeGenerated , Computer , RawData , Id , HostId , HostTags , IPAddress , TrackingMethod , OperatingSystem , DnsName , NetBios , QGHostId , LastScanDateTime , LastVMScannedDateTime , LastVMAuthScannedDateTime , QID , SSL , Type , Status , Ignored , Severity , Disabled , LastFixed , LastFound , TimesFound , FirstFound , LastUpdate , Result_column_count , Results_0 , _ResourceId