Essential preparation for a successful Qualys Cloud Platform integration

A successful integration requires planning and careful execution of pre-integration tasks. It is essential that you prepare for the integration by performing these procedures.

  • Make any necessary configuration changes based on your requirements before running the integrations.
  • Validate your instance sizing based on the number of vulnerable items you expect to import. An undersized instance can lead to long load times.
  • If the default System Administrator account is removed or disabled, specify a run-as user for executing the integrations.
  • Set an initial start date for the Host Detection List Import integrations, and consider setting the Start time field to a few hours or days in the past.
  • If you do not use vulnerability calculators, it is best to disable the default calculator, in addition to any others you have defined. Vulnerability calculators run every time a vulnerable item record is created or updated, and can impact import performance.
  • Disable the Qualys Ticket Integration, as it is not required and provides only minimal additional data. If you are using the QualysGuard remediation ticketing system, move any special auto-assignment functionality into ServiceNow.
  • Add Qualys host identification indexes to improve data load time performance.
  • During the initial import of records, certain notification-related business rules can generate many notifications and impact performance. Disable these business rules before your initial import.
  • Thousands of detection records could be available for import. To limit the amount of data retrieved from Qualys, modify the REST Query parameters. Limiting the data also lets you validate that the integration is configured correctly using a smaller dataset. For more information, see the Qualys API documentation. Common testing parameters include:
    • ids: Show only detection records with certain QIDs. You can specify one or more QIDs. Valid QIDs are required. Specify a range using a dash. Multiple entries are comma-separated.
    • ips: Show only certain IP addresses or ranges. You can specify one or more IPs or ranges. Multiple entries are comma-separated. Specify an IP range using a hyphen.
    • severities: Show only detection records which have certain severities. You can specify one or more levels. Specify a range using a dash. Multiple entries are comma-separated.
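
The following added example (not part of the original documentation or of either product) checks the three testing parameters against the formats described above before they are used, and rejects an ips value that would pull more hosts than intended for a test run. The function names, the max_ips cap, and the sample values are assumptions made for illustration; the result is a standard URL query string, so adapt it to how your instance stores REST query parameters.

```python
import ipaddress
import re
from urllib.parse import urlencode

_ENTRY = re.compile(r"^(\d+)(?:-(\d+))?$")  # "N" or "N-M"

def parse_int_ranges(value, lo=1, hi=None):
    """Parse '4-5,2' into [(4, 5), (2, 2)]; reject malformed or out-of-bounds entries."""
    ranges = []
    for item in value.split(","):
        m = _ENTRY.match(item.strip())
        if not m:
            raise ValueError(f"malformed entry: {item!r}")
        start, end = int(m.group(1)), int(m.group(2) or m.group(1))
        if start > end or start < lo or (hi is not None and end > hi):
            raise ValueError(f"out-of-bounds entry: {item!r}")
        ranges.append((start, end))
    return ranges

def count_ips(value):
    """Count addresses covered by comma-separated IPs and hyphenated ranges."""
    total = 0
    for item in value.replace(" ", "").split(","):
        first, _, last = item.partition("-")
        a = ipaddress.ip_address(first)  # raises ValueError if invalid
        b = ipaddress.ip_address(last) if last else a
        if a.version != b.version or int(b) < int(a):
            raise ValueError(f"bad IP range: {item!r}")
        total += int(b) - int(a) + 1
    return total

def build_test_params(ids=None, ips=None, severities=None, max_ips=256):
    """Validate each value, then return the query string for a limited test run."""
    params = {}
    if ids:
        parse_int_ranges(ids)
        params["ids"] = ids.replace(" ", "")
    if ips:
        if count_ips(ips) > max_ips:  # max_ips: hypothetical cap for a test dataset
            raise ValueError("ips covers more hosts than the test cap allows")
        params["ips"] = ips.replace(" ", "")
    if severities:
        parse_int_ranges(severities, lo=1, hi=5)  # Qualys severity levels are 1-5
        params["severities"] = severities.replace(" ", "")
    return urlencode(params, safe=",")

# Constructed sample values, not taken from a real subscription.
SAMPLE = build_test_params(ids="38170-38175,90001",
                           ips="10.10.10.1-10.10.10.20,10.10.20.5",
                           severities="4-5")
```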