Get started with Jira Service Management for admins
Your first stop for learning how to get started with Jira Service Management.
Assets Data Manager for Jira Service Management Cloud is a Premium and Enterprise only feature that is currently in Open Beta development. View and vote on our list of upcoming features.
If you find a bug or have questions, please reach out to Atlassian Support or the Atlassian Community.
Qualys is a tool produced by Qualys a company of the same name. It is used to detect network vulnerabilities across an environment.
Qualys Adapter uses an API connection to bring data into Assets Data Manager.
This task requires Data Manager Adapters admin permissions to complete. See how permissions and roles work in Data Manager.
Ensure that the Qualys source is API enabled with relevant firewall rules established. Also ensure that the credentials to access the source are available.
It is also important to note that the Qualys API works in 3 different ways -
Host Assets (Direct Import to SQL) - this is a canned query using the HostAsset call that will return a set list of fields, loading them directly into Data Manager.
Report (Save to CSV) - this uses a report saved in Qualys with whatever fields you want to consume, and then loads the file from a CSV file into Data Manager. This allows the CSV file to be modified, if required, prior to loading into Data Manager.
Report (Direct Import to SQL) - this is where a report is written in Qualys with the desired fields. However, this will load the data from that report directly into the Data Manager without the manipulation option.
When using Option 2 or 3, the API URL and the Token ID must be entered prior to trying to select the Report ID. They are required for Assets Data Manager to collect the reports.
Follow this procedure to connect this tool to Assets Data Manager using the custom-built Adapter:
Gather all of the information listed in the Data Manager Fields section, such as the Name, Object class, Data Source Name, and Data Source Type.
Gather all of the information in the Qualys Fields section - this may require consultation with the subject matter expert (SME) for Qualys.
Within Data Manager:
Create a new job by selecting the Adaptor that matches your tool.
Configure all of the required fields with the appropriate information.
Within Qualys:
Follow all of the steps listed in the Authentication and authorization section, below, to properly configure Authentication and authorization.
Review the information in the API Call section. This section only applies when Host Assets (Direct Import to SQL) is selected.
Review the information in the Fields Retrieved section, below.
Each time this job is run, the data your have selected will be brought into Data Manager using the configured Adapter and become raw data.
You will need to specify the following information from Assets Data Manager:
Name - the name of the connection, visible as the job name in Adapters.
Object Class - the name of the Object Class you want to the data to be loaded into.
Data Source Name - the type of data being created; which is usually the tool name, e.g AD, Qualys etc. Note: This can be the same as Name.
Data Source Type - what type of data is the tool providing? For example, Assets, CMDB, user location and more.
You will need to specify the following information from Qualys:
API URL - The Qualys instance URL to enable Data Manager to connect to the Qualys source.
Username and Password - User name and password to generate the API Access Token.
API Access Token - Encoded base-64 string used in authorization of Qualys API access. This token is generated upon populating the username and the password fields and clicking on the GENERATE button.
Action Type - There are 3 types of actions in Qualys
Host Assets (Direct Import to SQL) - no additional fields are required
Report (Save to CSV) - the Qualys report number and the location of the CSV file (file path) to load will be required.
Report (Direct Import to SQL) - the Qualys report number will be required.
API Timeout - Maximum time in minutes for the completion of report generation process.
API Timeout
An API Timeout occurs if the service takes longer than expected to respond to a call. If a timeout occurs, it results in a ‘500 error’ status code with details about the timeout in the response. Timeouts are typically caused by one of two things:
the call involves too much data
there is a network or service issue
The default value for this field is 0, but we recommend setting this field manually to a value of 9000.
If the data source server cannot handle this value, we recommend gradually lowering the API Timeout value to a minimum of 2000, or to consult the vendor documentation for further guidance.
Api limit - Maximum number of records to return. This allows the enforcement of the amount of request/quantity of data (or records) to be consumed by the Data Manager Adapters.
By default, the API limit is set to 0 meaning that there are no restrictions, however if connecting to a Qualys source that is heavily populated with data, the best practice is to limit the rate to 1000.
The API call for Qualys when Host Assets (Direct Import to SQL) is selected : POST ApiUrl/qps/rest/2.0/search/am/hostasset.
If the fields returned are incorrect or you’ve not selected Host Assets (Direct Import to SQL) option, speak to your Qualys SME and arrange for the source report in Qualys to be corrected.
The following fields are retrieved:
1
2
3
4
5
6
7
8
9
10
Id
Name
Type
Os
Created
LastVulnScan
LastCheckedIn
Address
Fqdn
TrackingMethod
Was this helpful?