Qualys VMDR
  • 4 Minutes to read
  • PDF

Qualys VMDR

  • PDF

Article Summary

This article provides a step-by-step guide to integrating SAFE with Qualys VMDR. It explains how to create a user in Qualys with API access, identify Qualys Asset Tag IDs for filtering assets and their related VA results, configure Qualys in SAFE, and view the results. Once configured, SAFE pulls all the VA scan results from Qualys and adds VA controls based on vulnerabilities found in Qualys. This integration allows users to discover and import assets and their respective Vulnerability Assessment results.

About this document


This document provides the step-by-step procedure to integrate SAFE with Qualys VMDR.

Introduction


Qualys Vulnerability Management (VM) is a cloud service that gives users global visibility into where their IT systems might be vulnerable to the latest Internet threats and how to protect against them. 

Integrating SAFE with Qualys VMDR allows SAFE users to discover and import the assets and their respective Vulnerability Assessment results. Users can configure the pull of VA results at a pre-configured time interval and trigger an on-demand pull. Qualys VMDR integration has asset matching capability that enables SAFE to automatically add assets that are discovered through Qualys VMDR to their corresponding default group based on their Operating System.

  • For assets (based on IP address) present in SAFE, the VA controls are added in SAFE based on the vulnerabilities found in Qualys.
  • Users can specify Qualys Asset Tag IDs as filters for pulling selective assets and their related VA results from Qualys. 
  • Users can set the frequency in days (1-30 days) to pull the scan data regularly from Qualys.

Prerequisites


To configure Qualys, you need the following details:

  • Qualys API URL -  The URL should start with qualysapi and not qualysguard.
  • Qualys API Credentials (Refer to Creating a user in Qualys with API access)
    • Ensure that you confirm the Qualys user can log into Qualys following creation.
    • Ensure that the configured user has access to the Asset Groups you wish to ingest into SAFE.
  • Verifying that the SAFE Instance’s IP address is whitelisted in the user’s Qualys Instance.
  • Qualys Asset Tags to filter the Assets in Qualys and their Vulnerability Data to pull VA results of selective Assets from Qualys. (Refer to Identifying Qualys Asset Tag IDs to use as a filter for VA results pull)

Creating a user in Qualys with API access


To connect Qualys with SAFE, you can use either an existing user’s username and password, which has access to the Qualys API, or you can create a new user. The minimum access required for the user is Reader level, and the user should have both GUI and API access to set up the integration properly.

Information
You need Admin access to create a new user in Qualys.
  1. Log in to your Qualys instance.
  2. Scroll down and select Administration from the top-left dropdown.
  3. On the Administration page, click the Create User button and select Create Reader User.

  4. On the New Reader User page, select the user role as Reader (or a higher role).
  5. Mark the API and GUI access checkboxes.
  6. Click Save. The new user will get an email to verify login and complete the user registration process. We can now use the credentials to connect SAFE with Qualys.

Identifying Qualys Asset Tag IDs to use as a filter for VA results pull

The SAFE-Qualys integration allows users to specify Qualys Asset Tag Ids as filters for pulling selective assets and their related VA results from Qualys. This allows SAFE to fetch selective information from Qualys, reducing the time it takes to fetch VA results from Qualys in case the data set is large. Users can configure and reconfigure the filter any number of times.

User Permissions
Note that the user you have created to use with the SAFE integration must have access to the Asset Groups you select below.

Get the Asset Tag IDs

Get the Asset Tag Ids from Qualys as follows:

  1. Log in to Qualys and click the Global AssetView option from the top-left dropdown.
  2. Select the Tags tab. The system displays a list of available tags.
  3. Identify the tag(s) to which the Assets are tagged in Qualys. Click the Down Arrow next to the Tag Name. 
  4. From the dropdown, click the View option.
  5. The tag information will be shown with the Tag ID available on the right side of the page. Collect all the Tag IDs required to identify all eligible assets. We will use these Tag Ids while configuring Qualys with SAFE.
  6. Users can also, opt for creating a new Tag in case no available tag is suitable for filtering.

Configure Qualys


To configure Qualys:

  1. Navigate to the SAFE Hooks.
  2. Click the Qualys VMDR card.
  3. Enter the Qualys API URL, Username, Password, and Auto-Sync Frequency.
  4. Enter the Tag Filters for pulling selective assets and their related VA results from Qualys.
  5. Select the Auto Onboard New Assets checkbox to onboard the new assets if required.
  6. Click the Test Connection button.
  7. Once the connection is verified, click Save Configuration.

Qualys VMDR Configuration

Notes:
  • The Qualys user’s credentials used to establish the connection must have Admin privileges to work this integration. SAFE Instance's IP should be whitelisted in the customer's Qualys instance.
  • Users can pull the scan results on-demand by clicking the “Sync Now” button on the Qualys configuration page.
  • SAFE only supports importing VA results from Qualys for assets in the following technology groups:
    • Network and Security Nodes
    • Server
    • End Points
    • Others

View results


Once the Qualys is configured, SAFE pulls all the VA scan results from Qualys. For assets (based on IP address) present in SAFE, the VA controls are added in SAFE based on the vulnerabilities found in Qualys. To view the result for an asset:

  1. Navigate to Technology > Assets.
  2. Filter the asset list for the source as security.safe.qualys-vmdr. The system displays the Qualys VMDR assets.
    Qualys VMDR Assets
  3. Clicking an asset from the list, the system displays the controls and their status.

Was this article helpful?