Qualys Cloud Platform
  • 8 Minutes To Read
  • Print
  • Share
  • Dark
    Light

Qualys Cloud Platform

  • Print
  • Share
  • Dark
    Light

Qualys Cloud Platform monitors customers' global security and compliance posture using sensors. This adapter connects to the Qualys Cloud Platform service to import information about devices and vulnerabilities.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices

Parameters

  1. Qualys Cloud Platform Domain (required) - The hostname of the Qualys API (for example, qualysapi.apps.qualys.com). For more details on how to determine your Qualys API URL, see Identify your Qualys platform.
  2. User Name and Password (required) - The credentials for a user account that has the Required Permissions to fetch assets.
  3. Qualys Tags Whitelist (optional, default: empty) - Specify a comma-separated list of Qualys tags.
    • If supplied, the connection for this adapter will only fetch devices tagged in Qualys with the tags provided in this list.
    • If not supplied, the connection for this adapter will fetch all devices from Qualys Cloud Platform.
  4. Verify SSL (required, default: False) - Verify the SSL certificate offered by the value supplied in Hostname or IP Address. For more details, see SSL Trust & CA Settings.
    • If enabled, the SSL certificate offered by the value supplied in Qualys Cloud Platform Domain will be verified against the CA database inside of Axonius. If the SSL certificate can not be validated against the CA database inside of Axonius, the connection will fail with an error.
    • If disabled, the SSL certificate offered by the value supplied in Qualys Cloud Platform Domain will not be verified against the CA database inside of Axonius.
  5. HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to the value supplied in Qualys Cloud Platform Domain.
    • If supplied, Axonius will utilize the proxy when connecting to the value supplied in Qualys Cloud Platform Domain.
    • If not supplied, Axonius will connect directly to the value supplied in Qualys Cloud Platform Domain.
  6. HTTPS Proxy User Name (optional, default: empty) - The user name to use when connecting to the value supplied in Qualys Cloud Platform Domain via the value supplied in HTTPS Proxy.
    • If supplied, Axonius will authenticate with this value when connecting to the value supplied in HTTPS Proxy.
    • If not supplied, Axonius will not perform authentication when connecting to the value supplied in HTTPS Proxy.
  7. HTTPS Proxy Password (optional, default: empty) - The password to use when connecting to the value supplied in Qualys Cloud Platform Domain via the value supplied in HTTPS Proxy.
    • If supplied, Axonius will authenticate with this value when connecting to the value supplied in HTTPS Proxy.
    • If not supplied, Axonius will not perform authentication when connecting to the value supplied in HTTPS Proxy.
  8. For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.



    image.png

Advanced Settings

  1. Use Qualys API *(required, default: True) - select whether to use the Qualys API.
    • If enabled, all connections for this adapter will use the Qualys API to fetch data.
    • If disabled, all connections for this adapter will not use the Qualys API to fetch data.
  2. Use Global IT Asset Inventory API (required, default: False) - Select whether to use Global IT Asset Inventory API.
    * If enabled, all connections for this adapter will use the Global IT Asset Inventory API to fetch data.
    :::(Info) (NOTE)
    * If enabled, Axonius will not fetch vulnerabilities from Qualys Cloud Platform, even if the Fetch vulnerabilities data checkbox is enabled.
    * This API supports fetching up to the 100 first devices.
    :::
    * If disabled, all connections for this adapter will not use the Global IT Asset Inventory API to fetch data.
  3. Request timeout (required, default: 200) - Specify how many seconds all connections for this adapter will wait for a response before considering the request as timed out.
  4. Chunk size (required, default: 50) - Specify the number of parallel requests all connections for this adapter will send to Qualys.
  5. Devices per page (optional, default: 1) - Set the number of results per page received for a given query to Qualys API, to gain better control on the performance of all connections of for this adapter.
  6. Intervals between retries (seconds) (optional, default: 3) - Specify how many seconds all connections for this adapter will wait in between each retry when the Qualys API returns a response with an error.
    • If supplied, Axonius will wait for the specified number of seconds before resending the request to the Qualys API.
    • If not supplied, Axonius will immediately resend the request to the Qualys API.
      The default value for this field is 3.
  7. Number of retries (optional, default: 3) - Specify how many times all connections for this adapter will retry a request when the Qualys API returns a response with an error.
    • If supplied, upon an error response from Qualys API, up to the specified number, Axonius will resend the request to the Qualys API.
    • If not supplied, upon an error response from Qualys API, Axonius will not resend the request to the Qualys API.
  8. Fetch vulnerabilities data (required, default: True) - Select whether to fetch vulnerabilities from Qualys.
    • If enabled, all connections for this adapter will fetch vulnerabilities from Qualys Cloud Platform.
    • If disabled, all connections for this adapter will not fetch vulnerabilities from Qualys Cloud Platform.
  9. Fetch authentication report (required, default: False) - Select whether to fetch authentication report information from Qualys Cloud Platform. The authentication report includes the authentication status for the scanned hosts: Passed, Failed, Passed with insufficient privileges or Not Attempted.
    • If enabled, all connections for this adapter will also fetch authentication report information from Qualys Cloud Platform.
    • If disabled, all connections for this adapter will not fetch authentication report information from Qualys Cloud Platform.
  10. Fetch tickets (required, default: False) - Select whether to fetch tickets associated with devices from information Qualys Cloud Platform.
    • If enabled, all connections for this adapter will also fetch tickets information for tickets associated with devices from Qualys Cloud Platform.
    • If disabled, all connections for this adapter will not fetch tickets associated with devices from Qualys Cloud Platform.
  11. Use DNS name as hostname even if NetBIOS name exists (required, default: False) - Select whether to use DNS name or NetBIOS name as the device hostname if both exists.
    • If enabled, all connections for this adapter use the DNS name as the device hostname even if NetBIOS name also exists.
    • If disabled, all connections for this adapter use the NetBIOS name as the device hostname, when exists.
  12. Fetch unscanned IP addresses (required, default: False) - Select whether to fetch yet-to-be-scanned hosts. Such devices' data will contain only an IP address (also as ID).
    • If enabled, all connections for this adapter will also fetch unscanned IP addresses from Qualys Cloud Platform.
    • If disabled, all connections for this adapter will not fetch unscanned IP addresses from Qualys Cloud Platform.
  13. Fetch Asset Groups (required, default: False) - Select whether to fetch Asset Groups.
    • If enabled, all connections for this adapter will also fetch Asset Groups.
    • If disabled, all connections for this adapter will not fetch Asset Groups.
  14. Do not fetch devices with no MAC address and hostname (required, default: False) - Select whether to exclude fetching devices without MAC addresses and hostnames.
    • If enabled, all connections for this adapter will only fetch devices that have MAC addresses or hostnames.
    • If disabled, all connections for this adapter will fetch devices even if they do not have MAC addresses and hostnames.
  15. Fetch PCI Flag (required, default: False) - Select whether to add a PCI Flag to fetched vulnerabilities.
    • If enabled, all connections for this adapter will add a PCI Flag to fetched vulnerabilities.
    • If disabled, all connections for this adapter will not add a PCI Flag to fetched vulnerabilities.
    NOTE

    To use this functionality, the value supplied in User Name must have on of the following roles: Manager, Unit Manager, Scanner, Reader.

  16. Fetch scanner appliances (required, default: False) - Select whether to fetch scanner appliances as devices.
    • If enabled, all connections for this adapter will fetch scanner appliances as devices.
    • If disabled, all connections for this adapter will not fetch scanner appliances data.
  17. Fetch policy compliance (required, default: False) - Select whether to fetch policy compliance associated with devices.
    • If enabled, all connections for this adapter will also fetch policy compliance associated with each device.
    • If disabled, all connections for this adapter will not fetch policy compliance associated with each device.
  18. Fetch policy control (required, default: False) - Select whether to fetch policy controls.
    • If enabled, all connections for this adapter will also fetch policy controls associated with policy compliance.
    NOTE

    Policy controls will be fetched only if Fetch policy compliance is enabled.

    • If disabled, all connections for this adapter will not fetch policy controls.
  19. Fetch policy posture information (required, default: False) - Select whether to fetch the posture information of every policy compliance.
    • If enabled, all connections for this adapter will also fetch policy posture information associated with policy compliance.
    NOTE

    Policy controls will be fetched only if Fetch policy compliance is enabled.

    • If disabled, all connections for this adapter will not fetch policy posture information.

image.png

NOTE

For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.

APIs

Axonius uses the following Qualys APIs:

Required Permissions

The value supplied in User Name must be associated with one of the following user roles and with the following permissions:

  1. Manager role with full scope.
  2. Reader role with full scope.
  3. Non-manager role with the following permissions:
    • Access Permission "API Access".
    • Asset Management Permission "Read Asset".
    • Requested asset in their scope.
    NOTE

    It is recommended to provide the user permissions and access to all objects in the subscription.
    From Qualys Administration utility, go to Users > User Management. Click the user account and select Actions > Edit. Then go to Roles and Scopes and select the Allow user full permissions and scope checkbox.



To enable user access to the API:

  1. From Qualys Administration utility, click the user button next to the Logout -> User Profile.

    image.png

  2. The Edit User screen opens. Click User Role -> select the API checkbox to enable API Access.
    image.png

  3. Save changes.

Was This Article Helpful?