Qualys Vulnerability Report Setup Guide

Summary: How to set up a vulnerability report in Qualys.

Qualys Vulnerability Manager Overview

Qualys Vulnerability Management provides asset discovery and vulnerability assessment for on-premises and cloud environments. The RiskSense platform supports client “connector” configurations to provide a scheduled upload of Qualys network scan information. When looking at the RiskSense API Connectors page, it records and displays the last time data from the Qualys connector has been uploaded.

Qualys Vulnerability Report Template Overview

This guide allows the user to set up a Qualys Vulnerability report that will allow the RiskSense platform to pull the maximum amount to data from the Qualys platform. Once the report has been set up and the cadence set the Qualys File Pickup connector can be configured in RiskSense.

Report Template Setup

Log in to the Qualys web user interface (UI).

Qualys Vuln Report - Login Screen

Navigate to Reports->Templates.

Qualys Vuln Report - Reports and Templates Locations

Select New and click Scan Template….

Qualys Vuln Report - New Scan Template Location

Navigate through the wizard and use the values from the screenshot below. Title the report with “RiskSense -” as the prefix. Click Findings to continue the configuration.

Qualys Vuln Report - New Scan Report Template - Title

Adjust the host targets and ensure that Hosts with Cloud Agents is selected for All data.

Qualys Vuln Report - New Scan Report Template - Findings

Click Display and ensure the following options have been selected, as designated by the next two screenshots.

Qualys Vuln Report - Display - Summary

Qualys Vuln Report - Display - Include

Next, click Filters and ensure the following options have been selected, as designated by the next three screenshots.

Qualys Vuln Report - Filters - Selective and Included

Qualys Vuln Report - Filters - State

Qualys Vuln Report - Filters - Included Categories

Click Services and Ports and ensure the following options have been selected, as designated by the next screenshots. Once complete, click Save.

Qualys Vuln Report - Services and Ports

The report template is now available.

Qualys Vuln Report - Successfully Created Report Template

Report Generation and Scheduling

Navigate to Reports.

Qualys Vuln Report - Reports Location

Select New and create a new report from the template created in the previous section.

Qualys Vuln Report - New Template-Based Scan Report Location

Prefix the report name with ‘RiskSense-’ (no quotes) and define a schedule for report generation, as Qualys deletes old reports after a week.

Qualys Vuln Report - New Scan Report Setup

Qualys Vuln Report - New Scan Report Setup - Report Options

Click the Schedule button at the bottom of the form when finished.

Now, set up a Qualys Vulnerability connector in RiskSense by navigating to the Automation > Integrations page.

Qualys Vuln Report - Integrations Page

Using the search box in the upper-right corner of the page, type in Qualys. Click the Configuration button on the Qualys Vulnerability tile in the Network category.

Qualys Vuln Report - Qualys Vulnerability Connector Configuration Button

Configure the fields, as necessary. In the Report Name Prefix box, enter the exact same report name prefix value (no quotes) as entered during the report template setup. Once complete, click Save.

The connector can only pull the generated reports if the connector’s provided Qualys user can access the generated reports.

Qualys Vuln Report - Connector Configuration

Qualys Vuln Report - Connector Schedule and Specific Options