Qualys Web Application Scanning (WAS) Data Export and Report Setup Guide

Summary: How to export data from Qualys Web Application Scanning (WAS) for ingestion into RiskSense.

Qualys WAS Overview

Qualys Web Application Scanning (WAS) is a cloud-based service that provides automated testing of web applications to identify software vulnerabilities.

Qualys WAS Setup

Log in to Qualys WAS with your username and password.

Qualys WAS - Login Screen

Navigate to the Web Application Scanning option under Modules.

Qualys WAS - WAS Module Location - View

Exporting a WEB_APPLICATION_SCAN

Once on the Web Application Scanning home page, click the Scans tab in the navigation bar.

Qualys WAS - WAS Dashboard - View

On the Scans page, click the New Scan drop-down and select Vulnerability Scan.

Qualys WAS - Vulnerability Scan Location - View

In the Launch New WAS Vulnerability Scan window, fill in the Scan Name and Web Applications to scan.

Qualys WAS - New WAS Vuln Scan - Step 1

For Step 2, complete the fields for Test Profile, Authentication, and Scanner Appliance.

Qualys WAS - New WAS Vuln Scan - Step 2

After reviewing your scanning preferences, select Finish.

Qualys WAS - New WAS Vuln Scan - Step 3

The scan status displays Finished when completed.

Qualys WAS - Finished Scan - View

Select the checkbox of the finished scan and, under the Actions drop-down, select Download.

Qualys WAS - Scan Download Location - View

A Scan Results Download pop-up appears. Select Download to download a WEB_APPLICATION_SCAN XML type.

Qualys WAS - Download Scan Results in Legacy XML

Exporting a WAS_WEBAPP_REPORT

Once on the Web Application Scanning home page, click the Reports tab in the navigation bar.

Qualys WAS - Reports Navigation Menu Location

On the Reports page, click the New Report button.

Qualys WAS - New Report Button

In the Report Creation window, choose Web Application Report as both the Report Type and Report Template. Then, select Continue.

Qualys WAS - Report Creation Step 1

Step 2 requires selecting the target of your report, either by including or excluding specific tags or by selecting the name of the web application directly. Once the desired web application(s) are chosen, select Finish.

Qualys WAS - Report Creation Step 2

This action takes you to the Web Application Report tab within Report Management. Select Download from the top-right corner of the page.

Qualys WAS - Download Web Application Report

To save the report, select Extensible Markup Language (XML) as the desired format and select the appropriate Timezone. Tags are optional but can be applied to the report. Then, select Save.

Qualys WAS - Save Report - XML

After the report is generated, a confirmation snackbar appears at the top of the page and the WAS_WEBAPP_REPORT XML type is downloaded automatically.

Qualys WAS - Snackbar Message

To download an existing report, select the Reports tab within Report Management to view all generated reports.

Qualys WAS - Download an Existing Report

Exporting a WAS_SCAN_REPORT

Once on the Web Application Scanning home page, click the Reports tab in the navigation bar.

Qualys WAS - Reports Dashboard Location

On the Reports page, click the New Report button.

Qualys WAS - New Report Button - Second

In the Report Creation pop-up, choose Scan Report as both the Report Type and Report Template.

Qualys WAS - Scan Report

Then, select Continue.

Qualys WAS - Report Creation Continue

Step 2 requires selecting a target of the report. Users can select a Scan or a WebApp. Once a target is selected, click Finish.

Scan:

Qualys WAS - Select Target of Report

WebApp:

Qualys WAS - Select Target of Report - WebApp

This action takes you to the Scan Report tab within Report Management. Select Download from the top-right corner of the page.

Qualys WAS - Scan Report - Download Button

To save the report, select Extensible Markup Language (XML) as the desired format and select the appropriate Timezone. Tags are optional but can be applied to the report.

Qualys WAS - Save Scan Report

Then, select Save. After the report generates, a confirmation snackbar appears at the top of the page and the WAS_SCAN_REPORT XML type is downloaded automatically.

Qualys WAS - Report Generation Snackbar
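
Before uploading, it helps to confirm that each downloaded file really is one of the three XML types produced in the sections above (and not, for example, a report saved in a different format). The following check is an added example, not part of the original guide or of any Qualys or RiskSense tooling; it assumes each type name is the root element of the XML file, and the sample inputs are constructed.

```python
import io
import xml.etree.ElementTree as ET

# Export types named in this guide. Treating each name as the XML root
# element of the downloaded file is an assumption of this example.
EXPECTED_TYPES = {"WEB_APPLICATION_SCAN", "WAS_WEBAPP_REPORT", "WAS_SCAN_REPORT"}


def export_type(stream):
    """Return the export type of a binary XML stream, or raise ValueError.

    Parsing stops at the first start tag, so a large report is not
    loaded into memory just to identify it.
    """
    try:
        for _event, element in ET.iterparse(stream, events=("start",)):
            root = element.tag
            break
        else:
            raise ValueError("no root element found")
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc
    if root not in EXPECTED_TYPES:
        raise ValueError(f"unexpected root element: {root}")
    return root


def check_exports(named_streams):
    """Map each file name to its export type or to 'REJECTED: <reason>'."""
    results = {}
    for name, stream in named_streams.items():
        try:
            results[name] = export_type(stream)
        except ValueError as exc:
            results[name] = f"REJECTED: {exc}"
    return results


# Constructed sample inputs (not real Qualys output).
SAMPLES = {
    "scan.xml": b'<?xml version="1.0"?><WEB_APPLICATION_SCAN><SUMMARY/></WEB_APPLICATION_SCAN>',
    "webapp_report.xml": b"<WAS_WEBAPP_REPORT><HEADER/></WAS_WEBAPP_REPORT>",
    "scan_report.xml": b"<WAS_SCAN_REPORT><HEADER/></WAS_SCAN_REPORT>",
    "report.html": b"<html><body>Scan Report</body></html>",  # wrong format saved
}

if __name__ == "__main__":
    streams = {name: io.BytesIO(data) for name, data in SAMPLES.items()}
    for name, verdict in check_exports(streams).items():
        print(f"{name}: {verdict}")
```

For files on disk, pass `open(path, "rb")` objects in place of the `io.BytesIO` streams.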