Activate and configure Qualys Vulnerability Integration plugin

The Security Integration feature allows you to quickly activate and set up third-party security integrations, including Qualys Cloud Platform. Before Qualys Cloud Platform integration can be used, you must activate the plugin, set your API credentials, and set an initial start date.

Before you begin

Qualys Vulnerability Integration requires an installed Vulnerability Response plugin. Both are available as separate subscriptions.

Role required: sn_sec_cmn.admin

Note: This procedure can be used to activate the plugin and configure the integration. You can also activate the plugin using the traditional method. If you choose the traditional method of activation, the Qualys card recognizes the installation and displays the Configure button. Proceed to Step 5.

Procedure

  1. Navigate to Security Operations > Integration Configuration.
    The available security integrations appear as a series of cards.
    Qualys integration card
  2. In the Qualys card, click Install Plugin.
  3. In the Install Qualys integration dialog box, review the plugin details and click Activate.
  4. When the activation is complete, click Close & Reload Form.
    The Security Integration screen reloads and the Configure button for the integration is available.
  5. Click Configure.
  6. Fill in the fields on the form, as appropriate.
    Field Description
    Primary API Server URL The URL to the Qualys API server.
    Primary User Name The API user name to be used for Basic Auth REST message authentication.
    Primary Password The API password to be used for Basic Auth REST message authentication.
    Initial Scan Start Time Set the start date and time for the Qualys Ticket List Import and Host Detection List Import integrations.
    Note: If the date is left empty, no data is returned on the first run. Best practice is to set the value to a maximum of 30 days in the past or just prior to your last Qualys scan. This value prevents large amounts of data from exceeding the Qualys API rate limitations, as well as triggering execution timeouts. 

    The start date can also be set later using the Primary Integrations module.

    Pull Qualys historical knowledge Select this check box to retrieve Qualys knowledge base entries. The retrieved data is based on the date that Qualys updated the vulnerabilities and since the last time the integration ran.

    This field can be useful for populating historical data into your instance as well as for ensuring the QIDs are up to date.

    Historical knowledge base information can also be pulled later using the Primary Integrations module.

    Number of days of knowledge base data to retrieve per API request The maximum number of days worth of vulnerability data included in each pull from the Qualys Knowledge Base. For example, imagine a new installation has a backlog of 3 years worth of vulnerability data and this property is set to 365. Each pull includes one year worth of data. This field defaults to 365.
    Max number of QIDs to pull per API request when backfilling vulnerability data The maximum number of Qualys ID records that can be pulled per API request when you are backfilling vulnerability data.

    The pull is scheduled to run after the Qualys Host Detection Integration. It updates your instance with any QIDs that were referenced in the Host Detection integration, but did not previously exist.

    Default Scanner Appliance Leave blank unless you are not using the default Qualys Cloud Platform scanner appliance. This appliance is used if no better scanner appliance is found for the IP addresses being scanned.
    Scan Options Profile Leave blank unless you are not using the default Qualys Cloud Platform scan options profile.

    Created in the Qualys Cloud Platform application, the scan options profile defines the settings to use for all scans run using that profile. Qualys recommends creating profiles with custom settings for different types of Qualys Cloud Platform scans.

  7. Click Submit.