1. Knowledge Base
  2. Unified VRM Integrations

Quickstart for Qualys VM

This page walks you through setting up Qualys VM for your Unified VRM, and ingesting Qualys VM data inside Unified VRM.

Before you begin

To complete this quickstart, including setting up a Qualys VM credential for your Unified VRM, you'll need to have:

  1. Qualys VM subscription
  2. Qualys VM Manager or Unit Manager role
  3. Qualys API access (Qualys support can enable)
  4. Unified VRM Admin privileges

Create dedicated Qualys account for Unified VRM

Step 1: Create Qualys VM account for Unified VRM

The following Qualys documentation shows how to create a user account:

Add New User (using VM)

Please use the following values when creating a new user.

General Information

  • First Name: NopSec
  • Last Name: UVRM
  • Title: UVRM
  • Phone: (646) 502-7900
  • Email: [customer’s email address]
  • Address 1: 20 Jay St #903
  • Country: United States of America
  • Role: Basic

User Role

  • User Role: Manager
  • Allow access to
    • GUI: checked
    • API: checked
  • Business Unit: Unassigned

Permissions

  • Manage VM module: checked

Options

  • None for all
  • Off for all
  • No notification for all

Security

  • VIP two-factor authentication: not checked

Step 2: Open welcome email

Once you've added the user, Qualys will send you a welcome email with login instructions.

Open the link in the email to reveal UVRM’s Qualys username and password.

Input credentials into Unified VRM

Please provide the Unified VRM user account’s username and password in the Integrate tab in the Unified VRM platform.

  1. Enter your Qualys username and password

  2. Enter the the Qualys POD/Region url.

  3. Submit

After your secure connection has been established, the status will be displayed there in the Integrate tab. You can edit or change your credentials at anytime by clicking the edit link. 

Settings

Unified VRM Asset Groups

The following metadata from Qualys will be converted into Asset Groups within Unified VRM:

  • Tags
  • Asset Groups
  • Business Units

These asset groups can then be used during search queries.

Vulnerability Date Information

Within Unified VRM, there will be several dates in the Remediations tabs. When importing Qualys data, the following criteria is used to populate these date fields.

  • “Age” is calculated from when Qualys first detected the vulnerability
  • “Last Detected” is the last date Qualys detected the vulnerability

Qualys Connector API Calls

The following API calls are performed during a connector run to retrieve the Qualys information and import it into Unified VRM.

  • Scans
    /api/2.0/fo/scan/
  • Tags
    /qps/rest/2.0/search/am/tag
  • Hosts
    /api/2.0/fo/asset/host/
  • Detections
    /api/2.0/fo/asset/host/vm/detection/