Integrate Prisma Cloud with Qualys

Learn how to integrate Prisma Cloud with Qualys.
Prisma Cloud integrates with the Qualys platform to ingest and visualize vulnerability data on your resources deployed on the AWS and Azure cloud platforms.
  1. Gather the information that you need to set up the Qualys Integration on Prisma Cloud.
    • Qualys POD/SOC server API URL.
      To get the API URL, on your Qualys account, click
      Help
      About
      . The Qualys API URL is listed under
      Qualys Scanner Appliances
      . When you enter this URL in to the
      Qualys API Server URL
      , omit :443.
      qualys-azure-api-server-url.png
    • Qualys user with Manager or Unit Manager role to have the privileges required to enable the integration. You can modify the Manager role to enable read-only access permissions only. Refer to the Qualys documentation for details on User Roles Comparison (Vulnerability Management).
    • The Qualys user requires the Vulnerability Management (VM), Cloud Agent (CA), and Asset View (AV) enabled.
    • The Qualys user requires Qualys API and Qualys EC2 API access enabled.
    • (For AWS)
      Qualys Sensors for AWS cloud such as Virtual Scanner Appliances, Cloud Agents, AWS Cloud Connectors, Internet Scanners have to be setup.
      The cloud agents or the cloud connectors enable the retrieval of vulnerability data in to Prisma Cloud so that you can correlate this data against your AWS asset inventory. Refer to the Qualys documentation for information.
    • (For Azure)
      For Azure accounts, deploy the Qualys Virtual Scanner Appliance using Microsoft Azure Resource Manager (ARM). See Qualys documentation.
      You can use Qualys Cloud Agents (Windows and Linux) for Azure instances from the Azure Security Center console and view vulnerability assessment findings within Azure Security Center and your Qualys subscription. See Qualys Documentation .
    • (For Azure)
      Make sure that
      Azure VM Information
      is visible in Qualys.
      qualys-azure-vm-info.png
  2. Set up Qualys Integration on Prisma Cloud.
    1. Select
      Settings
      Integrations
      .
    2. Click
      +New Integration
      to create new integrations.
    3. Set the
      Integration Type
      as
      Qualys
      .
    4. Enter a Integration name and a description.
    5. Enter the
      Qualys API Server URL (without http[s])
      .
      This is the
      API URL
      for your Qualys account. When you enter this URL in omit the protocol http(s) and the port :443.
    6. Enter your Qualys
      User Login
      and
      Password
      .
    7. Click
      Next
      and then click
      Test
      .
      qualys-add-integration-in-prisma-cloud.png
    8. Click
      Save
      .
      The integration will be listed on the Integrations page. You can enable, disable, or delete your integration from this page.
  3. View Qualys host vulnerability data in Prisma Cloud.
    After Prisma Cloud has access to the Qualys findings, you can use RQL queries for visibility into the host vulnerability information collected from Qualys.
    1. Use Config queries for visibility on host vulnerabilities.
      Config Query
      config where hostfinding.type = 'Host Vulnerability'
      qualys-host-vulnerability.png
      Click on the resource to get information about vulnerabilities. From
      Audit Trail
      , you can get the CVE numbers.
      qualys-audit-trail.png
      Click
      Host Findings
      for information related to vulnerabilities. The Source column in Host Findings displays the Qualys icon to help you easily identify the source for the vulnerability findings.
      qualys-host-findings.png
      Network Query
      network where dest.resource IN ( resource where hostfinding.type = 'Host Vulnerability' )
      qualys-network-query.png
  4. Use the Qualys APIs on the CLI to confirm if API access is enabled for your account.
    If you have trouble connecting with Qualys API, enter your user name, password and the URL for the Qualys service in the following Curl examples:
    curl -H “X-Requested-With: Curl Sample” -u “Username:Password” “https://qualysapi.qg1.apps.qualys.in/api/2.0/fo/scan/?action=list&echo_request=1”
    curl -k “https://qualysapi.qg1.apps.qualys.in/msp/asset_group_list.php” -u “Username:Password”
    curl -k -H “X-Requested-With:curl” “https://qualysapi.qg1.apps.qualys.in/api/2.0/fo/scan/stats/?action=list” -u “Username:Password”

Related Documentation