Contents x
    Qualys SCA
    • 2 Minutes to read
    • Print
    • PDF
    Contents

    Qualys SCA

    • 2 Minutes to read
    • Print
    • PDF
    Article Summary

    About this document

    This document provides the step-by-step procedure to integrate SAFE with Qualys Security Configuration Assessment (SCA) and Policy Compliance (PC).

    Introduction

    SAFE integrates with Qualys Security Configuration Assessment (SCA) and Policy Compliance (PC) to fetch the configuration assessment results based on CIS benchmarks into SAFE. Once configured, this integration onboards the Qualys SCA and PC assets in SAFE and automatically adds assets to Default groups based on the Operating System (OS) information from Qualys.

    You can configure Qualys SCA and PC in SAFE from the Qualys SCA card available in SAFE Hooks.

    Supported Asset Type

    Qualys SCA and PC integration supports the configuration assessment for the following asset types:

    1. RHEL 7.x
    2. RHEL 8.X
    3. CentOS 7.x
    4. CentOS 8.x
    5. Ubuntu 22.x
    6. Ubuntu 20.x
    7. Suse Linux 12.x
    8. Suse Linux 15.x
    9. Windows 8.1
    10. Windows 10
    11. Windows 11
    12. Windows Server 2012 R2
    13. Windows Server 2016
    14. Windows Server 2019
    15. Windows Server 2022
    Notes
    • If SAFE does not find the mapping for an asset, the asset will be added to the Others Default Group. However, you can move the asset manually to the best-suited Group.
    • You can check the mapping using API “GET <SAFE_URL>/api/v3/settings/os-to-safe-asset-type-mapping”.
    • To add a custom OS to Safe Asset Type mapping, use API “POST <SAFE_URL>/api/v3/settings”
    • By default, the asset-matching criteria used for Qualys SCA is ["fqdn", "assetName", "ipAddress"]

    Prerequisites

    To configure Qualys, you need the following details:

    1. Qualys API URL - The URL should start with qualysapi, and not qualysguard.
    2. Qualys API Credentials
    3. Verifying that the SAFE Instance’s IP address is whitelisted in the user’s Qualys Instance.

    Create a user in Qualys with API access

    To connect Qualys SCA and PC with SAFE, you can use an existing user’s username and password, which has access to the Qualys API, or create a new user. The minimum access required for the user is Reader level, and the user should have both GUI and API access to set up the integration properly.

    Note
    You need Admin access to create a new user in Qualys.

    Create a new user in Qualys

    1. Log in to your Qualys instance.
    2. Scroll down and select Administration from the top-left dropdown.
    3. Click the Create User button on the Administration page and select CreateReaderUser.
    4. Select the user role as Reader (or a higher role) on the NewReaderUser page.
    5. Mark the API and GUI access checkboxes.
    6. Click Save. The new user will get an email to verify login and complete the user registration process. We can now use the credentials to connect SAFE with Qualys.

    Configure Qualys SCA and PC

    To configure Qualys SCA in SAFE:

    1. Navigate to the SAFE Hooks.
    2. Click the Qualys SCA card.
    3. Enter the Qualys API URL, Username, and Password.
    4. Enter the Policy IDs Filter. SAFE allows you to filter the assessment data being fetched from Qualys based on Qualys Policy IDs. If this field is blank, the system pulls the assessment data for all policies to which the user has access.
    5. Enter the  Auto-Sync Frequency.
    6. Select the AutoOnbaordNewAssets checkbox to onboard the newly discovered assets in SAFE.
    7. Click the Test Connection button.
    8. Once the connection is verified, click Save Configuration.
    9. Click the Sync Now button to fetch the results in SAFE.

    Qualys(3)

    View Result

    After a successful sync, the Qualys SCA assets are automatically imported into SAFE.

    View Assets

    To view the assets pulled from Qualys SCA:

    1. Click the See Updated Assets button available at the top-right of the History table.
    2. The system displays a filtered list of assets pulled from Qualys SCA.

    View Findings

    To view the findings:

    Note
    To view findings related to assets, they should be assigned to at least one group and its associated risk scenarios. The Findings view on the Risk Scenario page will present the findings list along with their respective details.
    1. Navigate to the Risk Scenario created for the Qualys SCA assets.
    2. Scroll down to the Findings section. Here you can see the finding details of the Qualys assets.
    Was this article helpful?
    What's Next