Qualys SCA
- 2 Minutes to read
- Print
- PDF
Qualys SCA
- 2 Minutes to read
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
About this document
This document provides the step-by-step procedure to integrate SAFE with Qualys Security Configuration Assessment (SCA) and Policy Compliance (PC).
Introduction
SAFE integrates with Qualys Security Configuration Assessment (SCA) and Policy Compliance (PC) to fetch the configuration assessment results based on CIS benchmarks into SAFE. Once configured, this integration onboards the Qualys SCA and PC assets in SAFE and automatically adds assets to Default groups based on the Operating System (OS) information from Qualys.
You can configure Qualys SCA and PC in SAFE from the Qualys SCA card available in SAFE Hooks.
Supported Asset Type
Qualys SCA and PC integration supports the configuration assessment for the following asset types:
- RHEL 7.x
- RHEL 8.X
- CentOS 7.x
- CentOS 8.x
- Ubuntu 22.x
- Ubuntu 20.x
- Suse Linux 12.x
- Suse Linux 15.x
- Windows 8.1
- Windows 10
- Windows 11
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
Notes
- If SAFE does not find the mapping for an asset, the asset will be added to the Others Default Group. However, you can move the asset manually to the best-suited Group.
- You can check the mapping using API “GET <SAFE_URL>/api/v3/settings/os-to-safe-asset-type-mapping”.
- To add a custom OS to Safe Asset Type mapping, use API “POST <SAFE_URL>/api/v3/settings”
- By default, the asset-matching criteria used for Qualys SCA is ["fqdn", "assetName", "ipAddress"]
Prerequisites
To configure Qualys, you need the following details:
- Qualys API URL - The URL should start with qualysapi, and not qualysguard.
- Qualys API Credentials
- Verifying that the SAFE Instance’s IP address is whitelisted in the user’s Qualys Instance.
Create a user in Qualys with API access
To connect Qualys SCA and PC with SAFE, you can use an existing user’s username and password, which has access to the Qualys API, or create a new user. The minimum access required for the user is Reader level, and the user should have both GUI and API access to set up the integration properly.
Note
You need Admin access to create a new user in Qualys.
Create a new user in Qualys
- Log in to your Qualys instance.
- Scroll down and select Administration from the top-left dropdown.
- Click the Create User button on the Administration page and select CreateReaderUser.
- Select the user role as Reader (or a higher role) on the NewReaderUser page.
- Mark the API and GUI access checkboxes.
- Click Save. The new user will get an email to verify login and complete the user registration process. We can now use the credentials to connect SAFE with Qualys.
Configure Qualys SCA and PC
To configure Qualys SCA in SAFE:
- Navigate to the SAFE Hooks.
- Click the Qualys SCA card.
- Enter the Qualys API URL, Username, and Password.
- Enter the Policy IDs Filter. SAFE allows you to filter the assessment data being fetched from Qualys based on Qualys Policy IDs. If this field is blank, the system pulls the assessment data for all policies to which the user has access.
- Enter the Auto-Sync Frequency.
- Select the AutoOnbaordNewAssets checkbox to onboard the newly discovered assets in SAFE.
- Click the Test Connection button.
- Once the connection is verified, click Save Configuration.
- Click the Sync Now button to fetch the results in SAFE.
.png)
View Result
To view the onboarded Assets;
- Navigate to Technology > Assets.
- Filter the asset list for the source as security.safe.qualys-sca.
- The system displays the assets imported from Qualys SCA and PC.
- Clicking any assets displays the controls and their status.
- Further clicking a control displays the control’s details and MITRE ATT&CK mapping.
Was this article helpful?