Qualys Data Connector Installation
This connector allows you to continuously import Qualys scan and asset data into your Secureworks® Taegis™ VDR application in order to leverage VDR contextual prioritization.
Navigate to the Connectors Interface ⫘
To start the installation, follow these steps:
- Access the System menu by selecting the Account circle in the upper right, and then choose Settings.
- Select Connectors from the System Settings box.
VDR Connector List
- Select the + icon at the top right to add a new connector.
- Select External Scanner: Qualys from the Connector dropdown, and then choose Create New API Client from the API Client dropdown.
- Select Submit to open the installation wizard in a new window.
Note
Your browser might ask you to allow pop-ups from the originating window.
- From the wizard, follow the steps to complete the installation.
Local API Access ⫘
Qualys Data Connector Installation Wizard - VDR API access
The VDR API Access step requires you to enter your instance app URL and a Public API Client ID and Client Secret if not already populated for you. Follow this guide in order to create one.
-
You will be asked to log in to VDR to authorize your Public API client to make requests on your behalf during the installation process.
-
Make sure to select Full Access from the Authorization level dropdown. Submitting the form redirects you back to the installation wizard where you can proceed with the next step.
Note
The authorization duration can be very short since this is only used for installation purposes.
VDR - Public API client authorization
Qualys API Access ⫘
The Qualys API access requires you to fill in the credentials given by Qualys.
It requests and stores the access token to allow the connectors to retrieve the data. The access token is stored through VDR Credentials and is visible in the Settings/Credentials view.
Qualys Connector Installation Wizard - Qualys API Access Step
Qualys APIs & Service Levels Required ⫘
The following Qualys APIs and service levels are needed for a successful integration:
-
For server discovery & scan: PC/VM and AM APIs (giving access to the
/api/2.0/fo
and/qps/rest/2.0/search/am
endpoints). -
For website discovery & scan: In addition to the above APIs, the WAS API is needed (giving access to the
/qps/rest/3.0/search/was/
endpoint).
In addition, the following minimal service levels are required for a successful integration, based on the published Qualys API Limits VS asset and IP range count, and a typical discovery/scan schedule:
Asset Count | IP Ranges Configured | Daily Auto-discoveries / Monthly Scans | Daily Auto-discoveries / Weekly Scans |
---|---|---|---|
200 | 1 | Standard | Standard |
500 | 2 | Standard | Standard |
1000 | 5 | Standard | Standard |
2000 | 8 | Standard | Enterprise |
5000 | 20 | Standard | Enterprise |
10000 | 40 | Enterprise | Enterprise |
20000 | 80 | Enterprise | Premium |
50000 | 200 | Premium | Premium |
75000 | 300 | Premium | Premium |
100000 | 400 | Premium | Premium |
Example: A 2000 asset environment spread over approximately eight ranges (/24s) would need the Standard
API service level to run weekly discoveries on all the ranges and monthly scans on all the discovered assets, whereas it would require the Enterprise
API service level to run scans on all the assets on a weekly basis.
Configuration ⫘
The Configuration step requires you to select a team for the assets. In the case of the teams list being empty, you’ll need to refresh the page and start anew. Enter an IP Range, a Tag, and Frequency to retrieve the Qualys data. This tag is important as it links the synchronized data to its source.
Note
You should remember the Tag that you create since you will likely have to re-use it to configure third-party scanner ranges or assets with this special tag.
After submitting the form, we will create all of these for you.
If everything was created properly, the Confirmation step displays a success message.
You can close this tab and you will be brought back to the Integration Connectors panel to see your new connector.
Important
It is important to save the Client ID/Client Secret in a password manager on your end.
Confirmation ⫘
Qualys Connector Installation Wizard - Confirmation Step
Note
Now is a good time to configure a third-party scanner range in VDR to start fetching assets and their vulnerabilities through this connector.