Device Security can integrate with Qualys Enterprise TruRisk Vulnerability Management, Detection & Response to perform vulnerability scans. When you initiate a vulnerability scan of a particular IoT device from the Device Security portal, the command is securely sent from the Device Security through Cortex XSOAR to the Qualys Cloud API over HTTPS. The Qualys Cloud forwards the command to the specified scanner, which performs its scan and sends back the results. Qualys creates a report with the data it received, generates a PDF, and sends it back through Cortex XSOAR to Device Security. Device Security updates the vulnerability information and risk score for the scanned device and displays a link to the report on its Device Details page and on the Vulnerability Scan Reports page.

Qualys vulnerability scans complement the passive monitoring that Device Security performs on network traffic by uncovering vulnerabilities on scanned devices. Device Security incorporates the scan results such as CVEs into its ongoing risk score assessments.

Integrating with Qualys requires either a full-featured Cortex XSOAR server or the purchase and activation of an Device Security third-party integration add-on license, which comes with a free cohosted Cortex XSOAR instance. The basic plan includes a license for three integration add-ons, one of which can be used for Qualys. The advanced plan includes a license for all supported third-party integrations.