Qualys Vulnerability Integration configuration and tuning

When configuring the Qualys integration, remember to approach the integration in incremental steps. Starting small helps to debug any issues.

Here are some tips to help ensure a successful installation.
  • Before running the integrations, make any necessary configuration changes based on your requirements.

  • Consider setting the Start time field to a few hours or days in the past.
  • Thousands of detection records could be available for import. So limit the amount of data retrieved from Qualys, by adding REST Query parameters. Limiting the amount of data allows you to validate that the integration is configured and working end-to-end with a smaller dataset. Refer to the Qualys API documentation for the full list of parameters used for the Host List Detection API.

    Common testing parameters include:

    • ids: Show only detection records with certain QIDs. You can specify one or more QIDs. Valid QIDs are required. Specify a range using a dash. Multiple entries are comma-separated.
    • ips: Show only certain IP addresses or ranges. You can specify one or more IPs or ranges. Multiple entries are comma-separated. Specify an IP range using a hyphen.
    • severities: Show only detection records which have certain severities. You can specify one or more levels. Specify a range using a dash. Multiple entries are comma-separated.