runZero integrates with Qualys VMDR by importing data from the Qualys KnowledgeBase API.
There is a column on the asset inventory page showing the count of vulnerabilities detected by Qualys for each asset. When a single asset is selected, the vulnerabilities table lists all the results related to that asset. The vulnerability count can be impacted by the type of vulnerability scan as well as the import settings selected.
The Vulnerabilities tab of the inventory lists all vulnerability results that have been imported from Qualys. The table lists every result, and selecting a result will take you to the page for the impacted asset.
Severity and risk scores
Qualys assigns all vulnerabilities a severity rating (Minimal, Medium, Serious, Critical, Urgent). runZero normalizes the severities shown in the vulnerability inventory to be consistent across the runZero Console.
|1 / Minimal
|2 / Medium
|3 / Serious
|4 / Critical
|5 / Urgent
runZero will also normalize risk scores assigned by Qualys. A risk score of 0.0 will be shown as
none in the runZero Console, and all other risk scores will match the assigned severity level.
Getting started with Qualys
To set up the Qualys VMDR integration, you’ll need to:
- Create or obtain user credentials with access to the Qualys API.
- Configure CVSS scoring in Qualys.
- Add the Qualys API username, password, and account API URL in runZero.
- Choose whether to configure the integration as a scan probe or connector task.
- Activate the Qualys integration to pull your data into runZero.
Before you can set up the Qualys VMDR integration:
- Verify that you have runZero Enterprise.
- Make sure you have access to the Qualys Cloud Platform portal.
Step 1: Add the Qualys credentials to runZero
- Go to the Credentials page in runZero.
Provide a name for the credentials, like
- Choose Qualys Username & Password from the list of credential types.
- Provide the following information:
- Qualys username - the username you want to use to connect to the Qualys API.
- Qualys password - the password for your Qualys API username.
- Qualys account API URL - the URL of the Qualys API for the relevant account. The expected format is
https://domain.tld:port. This URL is unique for each Qualys user.
- If you want other organizations to be able to use this credential, select the
Make this a global credentialoption. Otherwise, you can configure access on a per-organization basis.
- Save the credential. You’re now ready to set up and activate the connection to bring in data from Qualys VMDR.
Step 2: Choose how to configure the Qualys integration
The Qualys integration can be configured as either a scan probe or a connector task. Scan probes gather data from integrations during scan tasks. Connector tasks run independently from either the cloud or one of your Explorers, only performing the integration sync.
Step 3: Set up and activate the Qualys integration to sync data
After you add your Qualys credential, you’ll need to sync your data.
Step 3a: Configure the Qualys scan probe
You can run the Qualys VMDR integration as a scan probe so that the runZero Explorer will pull your vulnerability data into the runZero Console.
In a new or existing scan configuration:
- Ensure that the
QUALYSoption is set to
Probes and SNMPtab and change any of the default options if needed.
- Set the correct Qualys credential to
- Optionally, set the severity and risk levels for ingested vulnerability scan results.
Step 3b: Configure the Qualys connector
A connection requires you to set a schedule and choose a site. The schedule determines when the sync occurs, and the site determines where any new Qualys-only assets are created.
- Activate a connection to Qualys. You can access all available third-party connections from the integrations page, your inventory, or the tasks page.
- Choose the credentials you added earlier. If you don’t see the credentials listed, make sure the credentials have access to the organization you are currently in.
- Set the severity and risk levels you want to import (optional).
- Set the Fingerprint only toggle to
Yesif you want vulnerability records to be ingested for fingerprint analysis but not stored in your runZero vulnerability inventory (optional).
- Enter a name for the task, like
- Choose the Explorer to perform this connector task from (optional).
- Choose the site you want to add your assets to. All newly discovered assets will be stored in this site.
- Enter a description for the task (optional).
- If you want to exclude assets that have not been scanned by runZero from your integration import, switch the Exclude unknown assets toggle to
Yes. By default, the integration will include assets that have not been scanned by runZero.
- If you want to include assets that have not been assessed for vulnerabilities, switch the Include unscanned assets toggle to
- Schedule the sync. A sync can be set to run on a recurring schedule or run once. The schedule will start on the date and time you have set.
- Activate the connection when you are done. The sync will run on the defined schedule. You can always check the Scheduled tasks to see when the next sync will occur.
Step 4: View Qualys assets and vulnerabilities
After a successful sync, you can go to your inventory to view your Qualys assets. These assets will have a Qualys icon listed in the Source column.
The Qualys integration gathers details about vulnerabilities detected in addition to enriching asset inventory data. Go to Inventory > Vulnerabilities to view the vulnerability data provided by Qualys VMDR.
To filter by Qualys assets, consider running the following query:
- View all Qualys assets:
Click into each asset to see its individual attributes. runZero will show you the attributes gathered from the Qualys VMDR scan data.
If you are having trouble using this integration, the questions and answers below may assist in your troubleshooting.
Why is the Qualys integration unable to connect?
- Are you getting any data from the Qualys integration?
- Make sure to query the inventory rather than look at the task details to review all the data available from this integration.
- In some cases, integrations have a configuration set that limits the amount of data that comes into the runZero console.
- Some integrations requires very specific actions that are easy to overlook. If a step is missed when setting up the intergration, it may not work correctly. Please review this documentation and follow the steps exactly.
- If the Qualys integration is unable to connect be sure to check the task log for errors. Some common errors include:
- 500 - server error, unable to connect to the endpoint
- 404 - hitting an unknown endpoint on the server
- 403 - not authorized, likely a credential issue
- Verify you are running the integration task from an Explorer with access to the Qualys host if it is on-premises.