Qualys Data Connector Installation

This connector allows you to continuously import Qualys scan and asset data into your Secureworks® Taegis™ VDR application in order to leverage VDR contextual prioritization.

Navigate to the Connectors Interface ⫘

To start the installation, follow these steps:

1. Access the System menu by selecting the Account circle in the upper right, and then choose Settings.
2. Select Connectors from the System Settings box.

VDR Connector List

3. Select the + icon at the top right to add a new connector.
4. Select External Scanner: Qualys from the Connector dropdown, and then choose Create New API Client from the API Client dropdown.
5. Select Submit to open the installation wizard in a new window.

6. From the wizard, follow the steps to complete the installation.

Local API Access ⫘

Qualys Data Connector Installation Wizard - VDR API access

The VDR API Access step requires you to enter your instance app URL and a Public API Client ID and Client Secret if not already populated for you. Follow this guide in order to create one.

1. You will be asked to log in to VDR to authorize your Public API client to make requests on your behalf during the installation process.

2. Make sure to select Full Access from the Authorization level dropdown. Submitting the form redirects you back to the installation wizard where you can proceed with the next step.

VDR - Public API client authorization

Qualys API Access ⫘

The Qualys API access requires you to fill in the credentials given by Qualys.

It requests and stores the access token to allow the connectors to retrieve the data. The access token is stored through VDR Credentials and is visible in the Settings/Credentials view.

Qualys Connector Installation Wizard - Qualys API Access Step

Qualys APIs & Service Levels Required ⫘

The following Qualys APIs and service levels are needed for a successful integration:

• For server discovery & scan: PC/VM and AM APIs (giving access to the /api/2.0/fo and /qps/rest/2.0/search/am endpoints).

• For website discovery & scan: In addition to the above APIs, the WAS API is needed (giving access to the /qps/rest/3.0/search/was/ endpoint).

In addition, the following minimal service levels are required for a successful integration, based on the published Qualys API Limits VS asset and IP range count, and a typical discovery/scan schedule:

Asset Count	IP Ranges Configured	Daily Auto-discoveries / Monthly Scans	Daily Auto-discoveries / Weekly Scans
200	1	Standard	Standard
500	2	Standard	Standard
1000	5	Standard	Standard
2000	8	Standard	Enterprise
5000	20	Standard	Enterprise
10000	40	Enterprise	Enterprise
20000	80	Enterprise	Premium
50000	200	Premium	Premium
75000	300	Premium	Premium
100000	400	Premium	Premium

Example: A 2000 asset environment spread over approximately eight ranges (/24s) would need the Standard API service level to run weekly discoveries on all the ranges and monthly scans on all the discovered assets, whereas it would require the Enterprise API service level to run scans on all the assets on a weekly basis.

Configuration ⫘

The Configuration step requires you to select a team for the assets. In the case of the teams list being empty, you’ll need to refresh the page and start anew. Enter an IP Range, a Tag, and Frequency to retrieve the Qualys data. This tag is important as it links the synchronized data to its source.

After submitting the form, we will create all of these for you.

If everything was created properly, the Confirmation step displays a success message.

You can close this tab and you will be brought back to the Integration Connectors panel to see your new connector.

Confirmation ⫘

Qualys Connector Installation Wizard - Confirmation Step