Qualys data source
Data Manager is included in all Service Collection Premium and Enterprise plans.
Qualys is a tool produced by Qualys that is used to detect network vulnerabilities across an environment.
The Qualys data source uses an API connection to bring data into Data Manager.
This task requires Data Manager & Adapters admin permissions to complete. See how permissions and roles work in Data Manager.
Before you start setting up:
Ensure that the Qualys source is API‑enabled with relevant firewall rules established.
Ensure that credentials to access the source are available.
The Qualys API works in three different ways:
Host Assets (Direct Import to SQL) – canned query using the
HostAssetcall that returns a set of fields and loads them directly into Data Manager.Report (Save to CSV) – uses a saved report in Qualys with the fields you choose and loads the CSV file into Data Manager. This allows you to modify the CSV before loading.
Report (Direct Import to SQL) – loads data from a Qualys report directly into Data Manager without a CSV manipulation step.
When using Report (Save to CSV) or Report (Direct Import to SQL), you must enter the API URL and Token ID before selecting the Report ID, so Data Manager can collect the reports.
How do I connect Qualys to Data Manager?
Follow this procedure to connect Qualys using the custom‑built adapter:
Gather all of the Data Manager type information, including the data source name, short display name, and the data source type.
Gather the Qualys fields – this may require consultation with the Qualys subject matter expert (SME).
In Data Manager, add a new data source by selecting the tool you which to connect and configure with all the gathered information.
Each time this data source is fetched the data becomes raw data.
Data Manager fields
You need to specify the following information from Data Manager:
Data source name – the name of the data source used to run, transform, map, cleanse, and import the data.
Short display name – a unique name as a data source label.
Data source type – what type of data the tool is providing. For example, Assets, CMDB, user location.
Qualys fields
Specify the following from Qualys:
API URL – Qualys instance URL, for example:
https://<instance>.qualys.comUsername and Password – used to generate the API access token.
API access token – base‑64 encoded string used to authorize Qualys API access. This is generated when you populate username and password and select Generate.
Action type – one of:
Host Assets (Direct Import to SQL) – no additional fields required.
Report (Save to CSV) – requires the Qualys report number and CSV file path.
Report (Direct Import to SQL) – requires the Qualys report number.
API timeout – maximum time (in minutes) for completion of report generation.
API limit – maximum number of records to return per call.
API timeout
An API timeout occurs if the service takes longer than expected to respond. This returns a 500 error and details in the response. Timeouts are typically caused by:
the call involving too much data
network or service issues
既定:
0推奨:
9000If the server cannot handle this, gradually decrease the value to a minimum of
2000or follow vendor guidance.
API limit
Controls how many records are retrieved:
Default:
0(no restriction)Recommended:
1000for heavily populated Qualys sources.
API call (Host Assets – Direct Import to SQL)
When Host Assets (Direct Import to SQL) is selected, the API call is:
Method:
POSTEndpoint:
ApiUrl/qps/rest/2.0/search/am/hostasset
Fields retrieved (Host Assets)
If the fields returned are incorrect or you’re not using Host Assets (Direct Import to SQL), work with your Qualys SME to correct the underlying report in Qualys.
次のフィールドが取得されます。
Id
Name
Type
Os
Created
LastVulnScan
LastCheckedIn
Address
Fqdn
TrackingMethodこの内容はお役に立ちましたか?