This page walks you through setting up Qualys VM for your Unified VRM, and ingesting Qualys VM data inside Unified VRM.
Before you begin
To complete this quickstart, including setting up a Qualys VM credential for your Unified VRM, you'll need to have:
- Qualys VM subscription
- Qualys VM Manager or Unit Manager role
- Qualys API access (Qualys support can enable)
- Unified VRM Admin privileges
Create dedicated Qualys account for Unified VRM
Step 1: Create Qualys VM account for Unified VRM
The following Qualys documentation shows how to create a user account:
Please use the following values when creating a new user.
- First Name: NopSec
- Last Name: UVRM
- Title: UVRM
- Phone: (646) 502-7900
- Email: [customer’s email address]
- Address 1: 20 Jay St #903
- Country: United States of America
- Role: Basic
- User Role: Reader
- Allow access to
- GUI: checked
- API: checked
- Business Unit: Unassigned
- Manage VM module: checked
- None for all
- Off for all
- No notification for all
- VIP two-factor authentication: not checked
Step 2: Open welcome email
Once you've added the user, Qualys will send you a welcome email with login instructions.
Open the link in the email to reveal UVRM’s Qualys username and password.
Configure the Qualys Connector in Unified VRM
Once the Qualys VM icon is selected from the Unified VRM Integrations page, you will see a screen like the below image.
Enter your Qualys username and password
Enter the the Qualys POD/Region url.
- (Optional) Select the scans that you want to exclusively sync. If not chosen, all scans will be synced.
Unified VRM Asset Groups
The following metadata from Qualys will be converted into Asset Groups within Unified VRM:
- Asset Groups
- Business Units
These asset groups can then be used during search queries.
Vulnerability Date Information
Within Unified VRM, there will be several dates in the Remediations tabs. When importing Qualys data, the following criteria is used to populate these date fields.
- “Age” is calculated from when Qualys first detected the vulnerability
- “Last Detected” is the last date Qualys detected the vulnerability
Qualys Connector API Calls
The following API calls are performed during a connector run to retrieve the Qualys information and import it into Unified VRM.