Understanding Qualys Cloud Platform integration

Qualys Cloud Platform sensors collect the data and automatically send it to the Qualys Cloud Platform, which continuously analyzes and correlates the information. It easily integrates with Security Operations to map vulnerabilities to CIs and business services to determine impact and priority of potentially malicious threats. It drives remediation through a coordinated workflow.

Primary and Supporting Integrations

Qualys primary and supporting integrations enrich the vulnerability data on your instance by retrieving data from the Qualys integration. A series of scheduled jobs invoke the integrations automatically. You can also execute them manually. Scheduled jobs simplify the vulnerability remediation lifecycle by keeping the instance synchronized with other vulnerability management systems. Primary and supporting integrations can be modified.

Primary integrations

A primary integration is an entry point to the Qualys Cloud Platform interacting with the Qualys API invoked on a schedule.

View the primary integrations by navigating to Qualys Vulnerability Integration > Administration > Primary Integrations.

The following primary integrations are included in the base system.

Table 1. Primary integrations
Integration Description
Qualys Appliance List Integration Retrieves scanner appliance information from Qualys.
Qualys Asset Group Integration Retrieves asset group information from Qualys. Asset groups are used to identify which scanner appliances to use for scanning matching configuration items.
Qualys Dynamic Search List Integration Synchronizes Qualys search lists for finding vulnerable entries, and retrieves dynamic list type records.
Qualys Host Detection Integration Retrieves host and vulnerability data from Qualys and processes it in your instance. It coordinates the REST message calls to the Host List Detection API.

The outputs of this integration are vulnerable items.

Qualys Knowledge Base Retrieves Qualys knowledge base entries. The retrieved data is based on the date the vulnerabilities were updated by Qualys and since the last time the integration ran.

This data is useful for populating historical data into your instance as well as ensuring the Qualys Identifiers (QIDs) are up to date.

Qualys Knowledge Base (Backfill) Retrieves Qualys knowledge base entries.

Scheduled to run after the Qualys Host Detection Integration. Updates your instance with any QIDs that were referenced in the Host Detection integration but did not exist in the system.

Qualys Static Search List Integration Synchronizes Qualys search lists for finding vulnerable entries. Retrieves only static list type records.
Qualys Ticket Integration Retrieves Qualys tickets and adds them to your instance. It coordinates the REST message calls to the ticket list API.

There are often fewer tickets than Host Detections since Qualys settings can constrain the detections that result in a ticket.

Supporting integrations

A supporting integration is a process that is not intended to run on a schedule nor without invocation by a primary integration.

View the supporting integrations by navigating to Qualys Vulnerability Integration > Administration > Supporting Integrations.

The following supporting integrations are included in the base system.

Table 2. Supporting integrations
Integration Description
Asset Group Pagination Handler Directs the pagination of the Asset Group Integration.
Host Detection Import Set Reprocess Integration Handles reprocessing of the Host List import set created by the Host Detection Integration.

Processes detections found for each host and results in vulnerable items being inserted or updated in your instance.

Host Detection Pagination Handler Directs the pagination of the Host Detection Integration.

The Host List Detection API coordinates REST calls for each page request to the server.

Search lists

Search lists are used in Qualys to create custom groups of vulnerabilities. You can save them and use for ticket creation and to customize vulnerability scans and reports. The Search Lists module allows you to download search list data from Qualys to your instance on a scheduled basis.

Search lists are pulled from Qualys using the Dynamic Search List Import and/or Static Search List Import data transformation maps. In each of these transforms, you can define schedules for performing the import.

Host tags

Host tags (also called asset tags) are used for organizing and tracking the assets in your organization. You can assign tags to your host assets. Then, when launching scans, you can select tags associated with the hosts you want to scan. The Host Tags module allows you to download host tag data from Qualys to your instance on a scheduled basis.

Asset data that includes host tags is pulled from Qualys using the Host Detection List Import integration data transformation map.