Examples

Example Q&A pairs showing how real security questions map to the 7 workflow tools in Qualys MCP v0.1.0.

Investigation

Q: Are we affected by Log4Shell?
→ investigate(target="CVE-2021-44228")

Q: Tell me everything about CVE-2024-3400
→ investigate(target="CVE-2024-3400", depth="deep")

Q: Are we exposed to Lazarus Group?
→ investigate(target="Lazarus Group")

Q: What ransomware vulnerabilities exist?
→ investigate(target="ransomware", threat_type="Ransomware")

Q: What's happening on 10.0.0.1?
→ investigate(target="10.0.0.1", scope="all")

Q: What vulnerabilities affect Apache?
→ investigate(target="Apache", software="Apache")

Q: Show me EDR events this week
→ investigate(target="endpoint threats", scope="edr", days=7)

Q: File changes on production servers today
→ investigate(target="production", scope="fim", days=1)

Q: What CISA KEV vulns affect us?
→ investigate(target="CISA KEV", threat_type="Cisa_Known_Exploited_Vulns")

Q: Deep investigation of our OpenSSL exposure
→ investigate(target="OpenSSL", software="OpenSSL", depth="deep")

Risk Assessment

Q: What's our overall risk posture?
→ assess_risk()

Q: Cloud risk in AWS
→ assess_risk(scope="cloud", provider="aws")

Q: Top risky assets
→ assess_risk(scope="assets", sort_by="trurisk")

Q: Container image vulnerabilities
→ assess_risk(scope="containers")

Q: Certificates expiring in 30 days
→ assess_risk(scope="certs", days=30)

Q: EOL systems in our environment
→ assess_risk(scope="assets", eol_only=True)

Q: Risk for Production environment
→ assess_risk(tag="Production", breakdown_by="tag")

Q: Web app vulns in customer-portal
→ assess_risk(scope="web", app_name="customer-portal")

Q: Weak ciphers or TLS 1.0?
→ assess_risk(scope="certs", weak_ciphers=True, protocol_filter="TLSv1.0")

Q: Why is asset 233946644 high risk?
→ assess_risk(asset_id="233946644")

Q: Stale assets not seen in 90 days
→ assess_risk(scope="assets", days_since_seen=90)

Q: Azure cloud posture
→ assess_risk(scope="cloud", provider="azure")

Compliance

Q: Are we PCI compliant?
→ check_compliance(framework="PCI")

Q: Show me all failing CIS controls
→ check_compliance(framework="CIS")

Q: HIPAA compliance posture
→ check_compliance(framework="HIPAA")

Q: Risk acceptances expiring in 30 days
→ check_compliance(include_exceptions=True, days_to_expiry=30)

Q: What frameworks do we have?
→ check_compliance()

Q: Linux compliance rate
→ check_compliance(platform="linux")

Q: False positive exceptions
→ check_compliance(include_exceptions=True, vuln_type="False Positive")

Remediation Planning

Q: What should we patch first?
→ plan_remediation()

Q: Outstanding Windows patches
→ plan_remediation(scope="patches", platform="windows")

Q: Is there a mitigation for CVE-2024-3400?
→ plan_remediation(scope="mitigations", cves=["CVE-2024-3400"])

Q: Patch deployment status
→ plan_remediation(scope="patches", status="Running")

Q: What's missing from our security program?
→ plan_remediation(scope="program")

Q: Critical patches only
→ plan_remediation(severity="critical")

Security Overview

Q: Morning security briefing
→ security_overview(period="today")

Q: What happened this week?
→ security_overview(period="week")

Q: Quick environment snapshot
→ security_overview(quick=True)

Q: Any new critical vulns today?
→ security_overview(period="today", severity="5")

Q: Scanner status
→ security_overview(scope="infrastructure")

Q: Monthly security summary
→ security_overview(period="month")

Reports

Q: List all available reports
→ reports(action="list")

Q: Show report templates
→ reports(action="templates")

Q: Generate a PDF report
→ reports(action="generate", template_id="12345", output_format="pdf")

Q: Download report 67890
→ reports(action="download", report_id="67890")

Multi-turn Conversation Examples

CVE Investigation Drilldown

Turn 1: "Are we affected by Log4Shell?"
  → investigate(target="CVE-2021-44228")

Turn 2: "What's the risk for production assets?"
  → assess_risk(tag="Production")

Turn 3: "What patches are available?"
  → plan_remediation(cves=["CVE-2021-44228"])

Security Standup Prep

Turn 1: "Morning briefing"
  → security_overview(period="today")

Turn 2: "What should we prioritize?"
  → plan_remediation()

Turn 3: "How's our compliance?"
  → check_compliance()

PCI Audit Prep

Turn 1: "PCI compliance status"
  → check_compliance(framework="PCI")

Turn 2: "Cloud risk?"
  → assess_risk(scope="cloud")

Turn 3: "Expiring certificates?"
  → assess_risk(scope="certs", days=90)

Turn 4: "Outstanding patches for PCI scope"
  → plan_remediation(tag="PCI")

Tips for AI Assistants

  • For "what happened" questions → security_overview(period="today")
  • For specific CVE questions → investigate(target="CVE-XXXX-XXXX")
  • For "what should we fix" questions → plan_remediation()
  • For risk posture questions → assess_risk() with appropriate scope
  • For compliance questions → check_compliance(framework="...")
  • For cloud/container/web/cert questions → assess_risk(scope="...")
  • For threat hunting → investigate(target="...", threat_type="Ransomware")
  • For asset-specific questions → assess_risk(asset_id="...")
  • For environment orientation → security_overview(quick=True)
  • For scanner/infrastructure health → security_overview(scope="infrastructure")
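An added example, not code from Qualys MCP or this page: a small guardrail that parses a tool call written in the "→ tool(k=v, ...)" notation above and checks it against the tool and parameter names seen in these examples before anything is dispatched to Qualys. The parameter table, the 1..365 range for day counts and the CVE id pattern are assumptions drawn from the examples, not the server's real schema.

```python
"""Guardrail for LLM-proposed Qualys MCP tool calls (added example, not project code)."""
import ast
import re

# Tool/parameter names transcribed from this page's examples (assumption: the real schema may differ).
TOOL_PARAMS = {
    "investigate": {"target", "depth", "threat_type", "scope", "software", "days"},
    "assess_risk": {"scope", "provider", "sort_by", "days", "eol_only", "tag",
                    "breakdown_by", "app_name", "weak_ciphers", "protocol_filter",
                    "asset_id", "days_since_seen"},
    "check_compliance": {"framework", "include_exceptions", "days_to_expiry",
                         "platform", "vuln_type"},
    "plan_remediation": {"scope", "platform", "cves", "status", "severity", "tag"},
    "security_overview": {"period", "quick", "severity", "scope"},
    "reports": {"action", "template_id", "output_format", "report_id"},
}
DAY_PARAMS = ("days", "days_to_expiry", "days_since_seen")
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def parse_call(text):
    """Turn '→ tool(k=v, ...)' as written above into (tool, kwargs) via ast, never eval()."""
    node = ast.parse(text.strip().lstrip("→ "), mode="eval").body
    if not isinstance(node, ast.Call) or not isinstance(node.func, ast.Name) or node.args:
        raise ValueError("expected a keyword-only call such as tool(k=v)")
    # literal_eval accepts only constants, lists, dicts and the like, so no code can hide in a value
    return node.func.id, {kw.arg: ast.literal_eval(kw.value) for kw in node.keywords}


def validate_call(tool, args):
    """Return a list of problems; an empty list means the call is safe to dispatch."""
    allowed = TOOL_PARAMS.get(tool)
    if allowed is None:
        return [f"unknown tool {tool!r}"]
    problems = [f"{tool}: unexpected parameter {k!r}" for k in args if k not in allowed]
    for key in DAY_PARAMS:
        v = args.get(key)
        # bool is a subclass of int, so reject True/False explicitly
        if v is not None and (isinstance(v, bool) or not isinstance(v, int) or not 1 <= v <= 365):
            problems.append(f"{tool}: {key} must be an integer in 1..365, got {v!r}")
    for cve in args.get("cves", []):
        if not isinstance(cve, str) or not CVE_RE.match(cve):
            problems.append(f"{tool}: malformed CVE id {cve!r}")
    target = args.get("target", "")
    if tool == "investigate" and isinstance(target, str) and target.startswith("CVE-") and not CVE_RE.match(target):
        problems.append(f"{tool}: malformed CVE id in target {target!r}")
    return problems


if __name__ == "__main__":
    tool, args = parse_call('→ assess_risk(scope="certs", days=0)')
    print(tool, args, validate_call(tool, args))
```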