Skip to content
English
NopSec.com
  • There are no suggestions because the search field is empty.

How do I configure a Qualys Integration?

In the Qualys Cloud Platform API access is granted by creating a Service User account and enabling specific permissions and scopes for it. The username and password for this account function as your API credentials. Here is the step-by-step guide to creating a dedicated API user with access restricted to a specific set of assets.

Step 1: Define Your Asset Scope

Before creating the user, you must define which assets they are allowed to see. You can do this using Asset Groups (classic method) or Tags (modern/Global AssetView method).

Option A: Using Asset Groups (Recommended for VM/PC modules)

  1. Log in to Qualys and navigate to Vulnerability Management > Assets > Asset Groups.
  2. Click New > Asset Group.
  3. Title: Give it a clear name (e.g., Scope-Finance-Servers).
  4. IPs/Domains: Add the specific IP addresses or ranges you want this API key to access.
  5. Click Save.

Option B: Using Tags (Recommended for CSAM/Global AssetView)

  1. Navigate to Global AssetView (or Asset Management) > Tags.
  2. Click Create Tag.
  3. Define the tag rule (e.g., IP Address in range 192.168.1.1-100 or OS contains "Linux").
  4. Save the tag.

Step 2: Create a Restricted User Role

It is best practice to ensure this user cannot log into the GUI and can only use the API.

  1. Navigate to Users > Role Management (or Administration utility > Role Management).
  2. Create a new role (e.g., "API_Reader_Role").
  3. Permissions:
    • Uncheck "GUI Access" (optional, if you want a true "headless" service account).
    • Check "API Access".
    • Ensure the relevant module permissions (like "Vulnerability Management" > "Read") are checked.
  4. Save the Role.

Step 3: Create the Service User

Now you will create the user account that acts as your API Key.

  1. Navigate to Vulnerability Management > Users > Users.
  2. Click New > User.
  3. General Information:
    • First Name/Last Name: Use a service name (e.g., First: Service, Last: ServiceNow_Int).
    • User Role: Select the Role you created in Step 2 (or use "Reader").
  4. Asset Groups (The Critical Step):
    • Go to the Asset Groups tab.
    • Important: By default, "All" might be selected. Remove "All".
    • Click Add and select only the Asset Group you created in Step 1 (e.g., Scope-Finance-Servers).
  5. Permissions:
    • Verify the "API Access" checkbox is enabled here as well.
  6. Security:
    • It is highly recommended to check "Password never expires" if your policy allows, as this prevents API breakage. Note: You may need to contact Qualys Support to enable this option for your subscription.
  7. Click Save.

Your "API Key" is now the Username and Password of this new user.