Qualys SCA
  • 2 Minutes to read
  • PDF

Qualys SCA

  • PDF

Article summary

About this document


This document provides the step-by-step procedure to integrate SAFE with Qualys Security Configuration Assessment (SCA) and Policy Compliance (PC).

Introduction


SAFE integrates with Qualys Security Configuration Assessment (SCA) and Policy Compliance (PC) to fetch the configuration assessment results based on CIS benchmarks into SAFE. Once configured, this integration onboards the Qualys SCA and PC assets in SAFE and automatically adds assets to Default groups based on the Operating System (OS) information from Qualys.

You can configure Qualys SCA and PC in SAFE from the Qualys SCA card available in SAFE Hooks.

Supported Asset Type


Qualys SCA and PC integration supports the configuration assessment for the following asset types:

  1. RHEL 7.x
  2. RHEL 8.X
  3. CentOS 7.x
  4. CentOS 8.x
  5. Ubuntu 22.x
  6. Ubuntu 20.x
  7. Suse Linux 12.x
  8. Suse Linux 15.x
  9. Windows 8.1
  10. Windows 10
  11. Windows 11
  12. Windows Server 2012 R2
  13. Windows Server 2016
  14. Windows Server 2019
  15. Windows Server 2022
Notes
  • If SAFE does not find the mapping for an asset, the asset will be added to the Others Default Group. However, you can move the asset manually to the best-suited Group.
  • You can check the mapping using API “GET <SAFE_URL>/api/v3/settings/os-to-safe-asset-type-mapping”.
  • To add a custom OS to Safe Asset Type mapping, use API “POST <SAFE_URL>/api/v3/settings”
  • By default, the asset-matching criteria used for Qualys SCA is ["fqdn", "assetName", "ipAddress"]

Prerequisites


To configure Qualys, you need the following details:

  1. Qualys API URL - The URL should start with qualysapi, and not qualysguard.
  2. Qualys API Credentials
  3. Verifying that the SAFE Instance’s IP address is whitelisted in the user’s Qualys Instance.

Create a user in Qualys with API access


To connect Qualys SCA and PC with SAFE, you can use an existing user’s username and password, which has access to the Qualys API, or create a new user. The minimum access required for the user is Reader level, and the user should have both GUI and API access to set up the integration properly.

Note
You need Admin access to create a new user in Qualys.

Create a new user in Qualys

  1. Log in to your Qualys instance.
  2. Scroll down and select Administration from the top-left dropdown.
  3. Click the Create User button on the Administration page and select CreateReaderUser.
  4. Select the user role as Reader (or a higher role) on the NewReaderUser page.
  5. Mark the API and GUI access checkboxes.
  6. Click Save. The new user will get an email to verify login and complete the user registration process. We can now use the credentials to connect SAFE with Qualys.

Configure Qualys SCA and PC


To configure Qualys SCA in SAFE:

  1. Navigate to the SAFE Hooks.
  2. Click the Qualys SCA card.
  3. Enter the Qualys API URL, Username, and Password.
  4. Enter the Policy IDs Filter. SAFE allows you to filter the assessment data being fetched from Qualys based on Qualys Policy IDs. If this field is blank, the system pulls the assessment data for all policies to which the user has access.
  5. Enter the  Auto-Sync Frequency.
  6. Select the AutoOnbaordNewAssets checkbox to onboard the newly discovered assets in SAFE.
  7. Click the Test Connection button.
  8. Once the connection is verified, click Save Configuration.
  9. Click the Sync Now button to fetch the results in SAFE.

Qualys(3)

View Result


To view the onboarded Assets;

  1. Navigate to Technology > Assets.
  2. Filter the asset list for the source as security.safe.qualys-sca.
  3. The system displays the assets imported from Qualys SCA and PC.
  4. Clicking any assets displays the controls and their status.
  5. Further clicking a control displays the control’s details and MITRE ATT&CK mapping.

SCA


Was this article helpful?