- 3 Minutes to read
- 3 Minutes to read
Qualys Vulnerability Management (VM) is a cloud service that gives users global visibility into where their IT systems might be vulnerable to the latest Internet threats and how to protect against them.
The integration of SAFE with Qualys allows SAFE users to discover and import the assets and their respective Vulnerability Assessment results. Users can configure the pull of VA results at a pre-configured time interval, as well as trigger an on-demand pull.
- Users can configure the Qualys from Administration > SAFE Hooks > Assessment Tools > Qualys Configuration.
- After configuring the connection, SAFE pulls all the VA scan results from Qualys VMDR.
- For assets (based on IP address) present in SAFE, the VA controls are added in SAFE based on the vulnerabilities found in Qualys.
- Users can specify Qualys Asset Tag IDs as filters for pulling selective assets, and their related VA results from Qualys.
- Users can set the frequency in days (1-30 days) to pull the scan data regularly from Qualys.
To configure Qualys, you need the following details:
- Qualys API URL - The URL should start with qualysapi and not qualysguard.
- Qualys API Credentials (Refer to Creating a user in Qualys with API access )
- Verifying that the SAFE Instance’s IP address is whitelisted in the user’s Qualys Instance.
- Qualys Asset Tags to filter the Assets in Qualys and their Vulnerability Data to pull VA results of selective Assets from Qualys. (Refer to Identifying Qualys Asset Tag IDs to use as a filter for VA results pull)
2.1. Creating a user in Qualys with API access
To connect Qualys with SAFE, you can use either an existing user’s username and password, which has access to the Qualys API, or you can create a new user. The minimum access required for the user is Reader level, and the user should have both GUI and API access to properly set up the integration.
Create a new user in Qualys
- Log in to your Qualys instance.
- Scroll down and select Administration from the top-left dropdown.
- On the Administration page, click the Create User button and select Create Reader User.
- On the New Reader User page, select the user role as Reader (or higher role).
- Mark the API and GUI access checkbox.
- Click Save. The new user will get an email to verify login and complete the user registration process. We can now use the credentials to connect SAFE with Qualys.
2.2. Identifying Qualys Asset Tag IDs to use as a filter for VA results pull
The SAFE-Qualys integration allows users to specify Qualys Asset Tag Ids as filters for pulling selective assets and their related VA results from Qualys. This allows SAFE to fetch selective information from Qualys, reducing the time it takes to fetch VA results from Qualys in case the data set is large. Users have the option to configure and reconfigure the filter any number of times.
Get the Asset Tag IDs
Get the Asset Tag Ids from Qualys as follows:
- Log in to Qualys and click the Global AssetView option from the top-left dropdown.
- Select the Tags tab. The system displays a list of available tags.
- Identify the tag(s) to which the Assets are tagged in Qualys. Click the Down Arrow next to the Tag Name.
- From the dropdown, click the View option.
- The tag information will be shown with the Tag ID available on the right side of the page. Collect all the Tag IDs required to identify all eligible assets. We will use these Tag Ids while configuring Qualys with SAFE.
- Users can also, opt for creating a new Tag in case no available tag is suitable for filtering.
3. Configure Qualys
To configure Qualys:
- Navigate to the SAFE Hooks.
- Click the Configure button available on the Qualys card.
- Enter the Qualys API URL, Username, Password, and Auto-Sync Frequency.
- Enter the Qualys Asset Tag IDs as filters for pulling selective assets and their related VA results from Qualys.
- Select the ‘Import Asset from Qualys’ option.
- Click the Test Connection button.
- Once the connection is verified, click Save Configuration.
- The Qualys user’s credentials used to establish the connection must have Admin privileges to work this integration. SAFE Instance's IP should be whitelisted in the customer's Qualys instance.
- Users can pull the scan results on-demand by clicking the “Sync Now” button on the Qualys configuration page.
- SAFE only supports importing VA results from Qualys for assets in the following verticals:
- Network and Security Nodes
- End Points
4. View results
Once the Qualys is configured, SAFE pulls all the VA scan results from Qualys. For assets (based on IP address) present in SAFE, the VA controls are added in SAFE based on the vulnerabilities found in Qualys. To view the result for an asset:
- Navigate to the Technology > Inside-out > Vertical.
- Click the asset from the asset list.
- Filter the control list for Assessment tools as Qualys.
- The system displays all the controls and their status for Qualys.