Integrate Prisma Cloud with Qualys

Learn how to integrate Prisma™ Cloud with Qualys.
Prisma™ Cloud integrates with the Qualys platform to ingest and visualize vulnerability data for your resources that are deployed on the AWS and Azure cloud platforms.
  1. Gather the information that you need to set up the Qualys integration on Prisma Cloud.
    • You must obtain the Qualys Security Operations Center (SOC) server API URL (also known as or associated with a POD—the point of delivery to which you are assigned and connected for access to Qualys).
      Get the API URL from your Qualys account (Help > About). The Qualys API URL is listed under Qualys Scanner Appliances. When you enter this URL as the Qualys API Server URL, do not include :443.
    • You must provide Qualys users with the privileges required to enable the integration using the Manager role, the Unit Manager role, or both. You can modify the Manager role to enable read-only access permission if needed. (Refer to the Qualys documentation for details about User Roles Comparison (Vulnerability Management).)
    • You must enable Vulnerability Management (VM), Cloud Agent (CA), and Asset View (AV) for Qualys users.
    • You must enable Qualys API and Qualys EC2 API access for Qualys users.
    • (
      ) You must configure Qualys Sensors for AWS cloud, such as Virtual Scanner Appliances, Cloud Agents, AWS Cloud Connectors, and Internet Scanners.
      The cloud agents or cloud connectors enable Prisma Cloud to retrieve vulnerability data so that you can correlate this data with your AWS asset inventory. (Refer to the Qualys documentation for more information.)
    • (
      ) For Azure accounts, deploy the Qualys Virtual Scanner Appliance using Microsoft Azure Resource Manager (ARM) (see the Qualys documentation).
      You can use Qualys Cloud Agents (Windows and Linux) for Azure instances from the Azure Security Center console to view vulnerability assessment findings within Azure Security Center and your Qualys subscription (see the Qualys documentation).
    • (
      ) Make sure that Azure VM Information is visible in Qualys.
  2. Set up Qualys Integration on Prisma Cloud.
    1. Select Settings > Integrations.
    2. Select Add Integration > Qualys. A modal wizard opens where you can add the Qualys integration.
    3. Enter an Integration Name and Description.
    4. Enter the Qualys API Server URL (without http[s]).
      This is the API URL for your Qualys account. When you enter this URL, do not include the protocol (http(s)) or the port (:443).
    5. Enter your Qualys User Login and Password.
    6. Click Next.
    7. Test and Save the integration.
      The integration will be listed on the Integrations page, where you can enable, disable, or delete integrations as needed.
  3. View Qualys host vulnerability data in Prisma Cloud.
    After you configure Prisma Cloud with access to the Qualys findings, you can use RQL queries for visibility into the host vulnerability information collected by Qualys.
    1. Use Config Query for visibility into host vulnerabilities.
      config from cloud.resource where finding.type = 'Host Vulnerability'
      View the Audit Trail to see the CVE numbers.
      Click Host Findings for information related to vulnerabilities. The Source column in Host Findings displays the Qualys icon to help you easily identify the source for the vulnerability findings.
      Network Query
      network from vpc.flow_record where dest.resource IN ( resource where finding.type = 'Host Vulnerability' )
  4. Use the Qualys APIs on the CLI to confirm whether API access is enabled for your account.
    If you have trouble connecting with the Qualys API, substitute your username, password, and the URL for the Qualys service in the following curl examples:
    curl -H "X-Requested-With: Curl Sample" -u "Username:Password" "https://qualysapi.qg1.apps.qualys.in/api/2.0/fo/scan/?action=list&echo_request=1"
    curl -k "https://qualysapi.qg1.apps.qualys.in/msp/asset_group_list.php" -u "Username:Password"
    curl -k -H "X-Requested-With:curl" "https://qualysapi.qg1.apps.qualys.in/api/2.0/fo/scan/stats/?action=list" -u "Username:Password"
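
The scan-list check from step 4 as a reusable script. This is an added example, not taken from the Prisma Cloud or Qualys documentation: it reduces the API URL to the bare host that the Qualys API Server URL field expects, hands the credentials to curl through a config on stdin instead of the command line, and leaves TLS certificate verification on. The function names and the generic HTTP status wording are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the Prisma Cloud or Qualys documentation).
# Function names are hypothetical; the endpoint and header are the ones on this page.

# Reduce a URL copied from the Qualys UI to the bare host that the
# "Qualys API Server URL" field expects: no scheme, no path, no :443.
normalize_qualys_host() (
  h=$1
  h=${h#http://}; h=${h#https://}
  h=${h%%/*}
  h=${h%:443}
  printf '%s\n' "$h"
)

# Escape backslashes and double quotes for a quoted curl config value.
cfg_escape() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }

# Write a curl config for the scan-list call. Feeding it to curl on stdin
# keeps the password out of the process list and the shell history.
curl_config() (   # args: host user password
  printf 'url = "https://%s/api/2.0/fo/scan/?action=list&echo_request=1"\n' "$1"
  printf 'user = "%s:%s"\n' "$(cfg_escape "$2")" "$(cfg_escape "$3")"
  printf 'header = "X-Requested-With: Curl Sample"\n'
)

# Generic HTTP reading of the status code (not Qualys-specific error text).
explain_status() {
  case $1 in
    200)     echo "API reachable, credentials accepted" ;;
    401|403) echo "login rejected or API access not permitted" ;;
    000)     echo "no HTTP response (DNS, TLS or network failure)" ;;
    *)       echo "unexpected status" ;;
  esac
}

qualys_check() (   # arg: API URL as shown in the Qualys UI
  host=$(normalize_qualys_host "$1")
  printf 'Qualys user: ' >&2; read -r user
  printf 'Password: ' >&2; stty -echo; read -r pass; stty echo; echo >&2
  code=$(curl_config "$host" "$user" "$pass" |
    curl --silent --output /dev/null --write-out '%{http_code}' --config -)
  echo "$host: HTTP $code ($(explain_status "$code"))"
)

# Only contacts the network when invoked as: sh qualys_check.sh --check <api-url>
if [ "${1:-}" = "--check" ]; then qualys_check "${2:?API URL required}"; fi
```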
