Qualys VM/VMDR Connector Guide

How to set up and use the Qualys Vulnerability Management (VM)/Vulnerability Management, Detection, and Response (VMDR) connector in RiskSense.

Overview

Qualys Vulnerability Management (VM)/Vulnerability Management, Detection, and Response (VMDR) provides asset discovery and vulnerability assessment for on-premises and cloud environments.

The RiskSense platform provides an API-based connector that integrates with Qualys VM/VMDR, enabling customers to bring in their findings. It gives customers visibility into their overall risk from vulnerabilities in their endpoints and a simpler, more efficient way to manage those vulnerabilities.

User Prerequisites/Qualys Setup

A Qualys user can be assigned to one or more roles, which consolidate permissions that represent the rights to access features and functions. API Access can be given to a user when assigning or editing their role.

Locate Users in the navigation bar and either create a user or edit an existing one. In the pop-up window, select a User Role. Then, select or deselect the API checkbox. Click Save.

Qualys VMDR - User Permissions

Qualys VM/VMDR Connector API Calls

The following API calls are performed during a connector run to pull security vulnerabilities from Qualys VM/VMDR into RiskSense.

API Type                                                    Endpoint
Authentication                                              /api/2.0/fo/session/?action=login
Fetch List of Hosts                                         /api/2.0/fo/asset/host/
Fetch List of Vulnerabilities Associated with Each Host     /api/2.0/fo/asset/host/vm/detection
Fetch List of AssetGroups                                   /api/2.0/fo/asset/group/
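
One way to confirm that the Qualys account used by the connector is only making the calls listed above is to audit API access logs against that list. The following is an added example, not RiskSense or Qualys code; the log format, the account name svc_risksense, and the sample lines are constructed assumptions.

```python
from collections import Counter
from urllib.parse import urlsplit

# Endpoint paths listed in this guide for a connector run (trailing slash removed).
DOCUMENTED_PATHS = {
    "/api/2.0/fo/session",
    "/api/2.0/fo/asset/host",
    "/api/2.0/fo/asset/host/vm/detection",
    "/api/2.0/fo/asset/group",
}

CONNECTOR_USER = "svc_risksense"  # hypothetical Qualys account used by the connector

# Constructed sample lines: timestamp, user, method, request target, status.
SAMPLE_LOG = """\
2024-05-01T02:00:01Z svc_risksense POST /api/2.0/fo/session/?action=login 200
2024-05-01T02:00:03Z svc_risksense GET /api/2.0/fo/asset/group/?action=list 200
2024-05-01T02:00:09Z svc_risksense GET /api/2.0/fo/asset/host/?action=list 200
2024-05-01T02:00:41Z svc_risksense GET /api/2.0/fo/asset/host/vm/detection?action=list 200
2024-05-01T02:03:12Z svc_risksense POST /api/2.0/fo/scan/?action=launch 200
2024-05-01T02:04:00Z jdoe GET /api/2.0/fo/report/?action=list 200
"""


def normalize(target):
    """Return the request path without its query string or trailing slash."""
    return urlsplit(target).path.rstrip("/")


def audit(log_text, user=CONNECTOR_USER):
    """Return (per-path counts, off-list requests) for the connector account."""
    seen, unexpected = Counter(), []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 5 or fields[1] != user:
            continue  # malformed line, or a request from a different account
        ts, _, method, target, status = fields
        path = normalize(target)
        if path in DOCUMENTED_PATHS:
            seen[path] += 1
        else:
            unexpected.append((lineno, ts, method, path, status))
    return seen, unexpected


if __name__ == "__main__":
    seen, unexpected = audit(SAMPLE_LOG)
    for path, count in sorted(seen.items()):
        print(f"ok    {count:>3}  {path}")
    for lineno, ts, method, path, status in unexpected:
        print(f"ALERT line {lineno}: {ts} {method} {path} -> {status}")
```

A request from the connector account to any path outside the four documented ones is worth reviewing, since it suggests the credential is being used for something other than the connector run.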

Connector Setup

To set up the Qualys VM/VMDR connector, navigate to the Automate > Integrations page.

Navigation - Automation - Integrations-1

Using the search bar in the upper-right corner of the Integrations page, type VMDR to find the connector.

Qualys VMDR - Search for Connector

Locate the Qualys VM/VMDR card on the page and click Configuration.

ServiceNow CMDB - Configuration Button Location

In the new window under Connection, complete the required fields, as described below.

  • Name: The connector’s name.
  • URL: The specific Qualys VM/VMDR instance URL.
  • User Name/Password: The Qualys username and password.
  • Select Network: RiskSense network name (ingested data associated with this network).
  • SSL: Optional instance SSL certificate in base64 format.

Qualys VMDR - Connection Window

Click Test Credentials to verify the credentials are correct and have access to make API calls to the Qualys VM/VMDR instance.

Qualys VMDR - Test Credentials

Under Schedule, you can configure the desired schedule for the connector to retrieve results from the Qualys instance and optionally select the Oldest Scan Data Pull configuration. The Oldest Scan Data Pull dropdown lets users pull assets from the last 30, 60, 90, or 180 days, or the last 1 year.

Qualys VMDR - Schedule Section

Under Connector Specific Options, select the required options from the list.

  • Users can optionally turn on Enable auto URBA (Update Remediation by Assessment).
  • When the Create Assets that do not have vulnerabilities option is selected, RiskSense creates hosts with zero findings.
  • When Allow to pull tag information from Qualys is enabled, RiskSense pulls the tags associated with hosts.

Qualys VMDR - Connector Specific Options

  • Information Gathered Plugins: Clicking the All Plugins radio button allows users to pull all informational plugins related to the hosts. To pull specific plugins, click the Select Plugins radio button. Input the list of informational plugins you would like to process as comma-separated values without spaces. For example: 11773,12014,12015
  • Qualys Asset Groups: Clicking the All Asset groups radio button allows users to pull hosts from all the associated groups. Users can also whitelist or blacklist groups. When one or more groups are whitelisted, only hosts belonging to those groups are pulled in. Conversely, when groups are blacklisted, hosts in those groups are excluded. Whitelisting and blacklisting of groups can be done only by Qualys users who have the Manager role.

Click Save to create the connector.

Qualys VMDR - Connector Enabled

A new card for the Qualys connector appears at the top of the Integrations page.

Qualys VMDR - Configured Connector

This connector runs once the initial setup is complete. Click the History button to check the connector’s status. Clicking the Sync button pulls connector files from Qualys on demand. Clicking the Edit button allows you to modify the connector. Clicking the Delete button deletes the connector.