Summary: How to set up a vulnerability report in Qualys.
Qualys Vulnerability Manager Overview
Qualys Vulnerability Management provides asset discovery and vulnerability assessment for on-premises and cloud environments. The RiskSense platform supports client “connector” configurations to provide a scheduled upload of Qualys network scan information. When looking at the RiskSense API Connectors page, it records and displays the last time data from the Qualys connector has been uploaded.
Qualys Vulnerability Report Template Overview
This guide allows the user to set up a Qualys Vulnerability report that will allow the RiskSense platform to pull the maximum amount to data from the Qualys platform. Once the report has been set up and the cadence set the Qualys File Pickup connector can be configured in RiskSense.
Report Template Setup
Log in to the Qualys web user interface (UI).
Navigate to Reports->Templates.
Select New and click Scan Template….
Navigate through the wizard and use the values from the screenshot below. Title the report with “RiskSense -” as the prefix. Click Findings to continue the configuration.
Adjust the host targets and ensure that Hosts with Cloud Agents is selected for All data.
Click Display and ensure the following options have been selected, as designated by the next two screenshots.
Next, click Filters and ensure the following options have been selected, as designated by the next three screenshots.
Click Services and Ports and ensure the following options have been selected, as designated by the next screenshots. Once complete, click Save.
The report template is now available.
Report Generation and Scheduling
Navigate to Reports.
Select New and create a new report from the template created in the previous section.
Prefix the report name with ‘RiskSense-’ (no quotes) and define a schedule for report generation, as Qualys deletes old reports after a week.
Click the Schedule button at the bottom of the form when finished.
Now, set up a Qualys Vulnerability connector in RiskSense by navigating to the Automation > Integrations page.
Using the search box in the upper-right corner of the page, type in Qualys. Click the Configuration button on the Qualys Vulnerability tile in the Network category.
Configure the fields, as necessary. In the Report Name Prefix box, enter the exact same report name prefix value (no quotes) as entered during the report template setup. Once complete, click Save.
The connector can only pull the generated reports if the connector’s provided Qualys user can access the generated reports.