Qualys
Visualize Qualys scanners and findings, monitor findings and changes through queries and alerts.
- Installation guide
- Qualys data model
Installation
For this integration, you will need to provide credentials for a Qualys user with the MANAGER role or a custom role for best results.
This integration is unable to ingest host findings with the built-in READER role, even after adding all of the modules. This may be related to parts of the Qualys "host detection" feature being controlled by a license setting. Instead, use the built-in MANAGER role if you do not want to create a custom role. Please refer to the troubleshooting section below if you would like to issue granular permissions to JupiterOne.
The Qualys API requires usage of a username and password associated with a non-test account user. See the Qualys API docs for more information.
Configuration in JupiterOne
To install the Qualys integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Qualys. Click New Instance to begin configuring your integration.
Creating a configuration requires the following:
- The Account Name used to identify the Qualys account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when the AccountName toggle is enabled.
- Description to assist in identifying the integration instance, if desired.
- Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.
- Your Qualys account Username, Password, and API URL.
Click Create once all values are provided to finalize the integration.
Troubleshooting Qualys user credentials
If your integration is not running successfully due to insufficient permissions from your Qualys user, we have created a bash script that hits the various endpoints used in this integration. Using the USERNAME, PASSWORD, and HOSTNAME that are used in your JupiterOne Qualys Integration configuration, you should be able to determine which endpoints your user does not have the appropriate permissions to invoke.
Please note that while you may receive a status 200 for a particular endpoint, the response may contain a message indicating your lack of permissions.
< HTTP/1.1 200
< X-Powered-By: Qualys:USPOD03:b3f3a819-7884-e60e-81d0-9725801da546:cbf7331a-292e-f3ed-8231-200b1fb10047
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Vary: Accept-Encoding
< Date: Fri, 14 Jan 2022 03:55:39 GMT
< Server: Apache
<
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qg3.apps.qualys.com/qps/xsd/2.0/am/hostasset.xsd">
<responseCode>UNAUTHORIZED</responseCode>
<responseErrorDetails>
<errorMessage>You are not authorized to access the application through the API.</errorMessage>
<errorResolution>If you think this is an error, please contact your account manager.</errorResolution>
</responseErrorDetails>
* Connection #0 to host qualysapi.qg3.apps.qualys.com left intact
</ServiceResponse>
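One way to automate the check described above, as an added example that is not part of the JupiterOne script: classify each response from both its HTTP status and the responseCode in its body. The function names and the constructed OK_BODY sample are hypothetical, and treating SUCCESS as the responseCode of a permitted call is an assumption.

```shell
#!/usr/bin/env bash
# Added example, not part of the JupiterOne troubleshooting script.
# Assumption: a permitted call reports <responseCode>SUCCESS</responseCode>.

# Print the text of the first <TAG>...</TAG> element found in the body.
xml_text() {  # usage: xml_text TAG BODY
  printf '%s\n' "$2" | sed -n "s:.*<$1>\([^<]*\)</$1>.*:\1:p" | head -n 1
}

# Classify one response from its HTTP status and its body.
classify_response() {  # usage: classify_response STATUS BODY
  local status="$1" body="$2" code msg
  case "$status" in
    2??) ;;                                  # status is fine, check the body
    401|403) echo "DENIED http=$status"; return 0 ;;
    *) echo "ERROR http=$status"; return 0 ;;
  esac
  code="$(xml_text responseCode "$body")"
  msg="$(xml_text errorMessage "$body")"
  case "$code" in
    SUCCESS) echo "OK" ;;
    UNAUTHORIZED) echo "DENIED body=$code: $msg" ;;
    "") echo "UNKNOWN no responseCode in body" ;;
    *) echo "ERROR body=$code: $msg" ;;
  esac
}

# Body of the response shown above (HTTP 200, yet unauthorized), trimmed.
DENIED_BODY='<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse>
<responseCode>UNAUTHORIZED</responseCode>
<responseErrorDetails>
<errorMessage>You are not authorized to access the application through the API.</errorMessage>
</responseErrorDetails>
</ServiceResponse>'
# Constructed sample of a permitted call.
OK_BODY='<ServiceResponse><responseCode>SUCCESS</responseCode><count>0</count></ServiceResponse>'

classify_response 200 "$DENIED_BODY"   # 200 status, but the body denies access
classify_response 200 "$OK_BODY"
classify_response 401 ""
```

With curl, the status can be captured separately from the body using `-w '%{http_code}'`.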
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Data Model
Entities
The following entities are created:
Resources | Entity _type | Entity _class |
---|---|---|
Account | qualys_account | Account |
Container | qualys_container | Container |
Host Detection | qualys_host_finding | Finding |
Image | qualys_container_image | Image |
Image Finding | qualys_image_finding | Finding |
Vulnerability Manager | qualys_vulnerability_manager | Service |
Web App Finding | qualys_web_app_finding | Finding |
Web Application Scanner | qualys_web_app_scanner | Service |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
---|---|---|
qualys_account | HAS | qualys_vulnerability_manager |
qualys_account | HAS | qualys_web_app_scanner |
qualys_container | USES | qualys_container_image |
qualys_host_finding | IS | cve |
qualys_host_finding | IS | qualys_vuln |
qualys_image_finding | IS | qualys_vuln |
qualys_web_app_finding | IS | cve |
qualys_web_app_finding | IS | qualys_vuln |
qualys_web_app_scanner | IDENTIFIED | qualys_web_app_finding |
qualys_web_app_scanner | SCANS | web_app |
Mapped Relationships
The following mapped relationships are created:
Source Entity _type | Relationship _class | Target Entity _type | Direction |
---|---|---|---|
qualys_vulnerability_manager | SCANS | *aws_instance* | FORWARD |
qualys_vulnerability_manager | SCANS | *azure_vm* | FORWARD |
qualys_vulnerability_manager | SCANS | *discovered_host* | FORWARD |
qualys_vulnerability_manager | SCANS | *google_compute_instance* | FORWARD |