Integrate Prisma Cloud with Qualys
Learn how to integrate Prisma™ Cloud with Qualys.
Prisma™ Cloud integrates with the Qualys platform to ingest and visualize vulnerability data for your resources that are deployed on the AWS and Azure cloud platforms.
- Gather the information that you need to set up the Qualys integration on Prisma Cloud.
- You must obtain the Qualys Security Operations Center (SOC) server API URL (also known as or associated with a POD—the point of delivery to which you are assigned and connected for access to Qualys).Get the API URL from your Qualys account (). The Qualys API URL is listed underQualys Scanner Appliances. When you enter this URL in as theQualys API Server URL, do not include :443.
- You must provide Qualys users with the privileges required to enable the integration using the Manager role, the Unit Manager role, or both. You can modify the Manager role to enable read-only access permission if needed. (Refer to the Qualys documentation for details about User Roles Comparison (Vulnerability Management).)
- You must enable Vulnerability Management (VM), Cloud Agent (CA), and Asset View (AV) for Qualys users.
- You must enable Qualys API and Qualys EC2 API access for Qualys users.
- () You must configure Qualys Sensors for AWS cloud, such as Virtual Scanner Appliances, Cloud Agents, AWS Cloud Connectors, and Internet Scanners. The cloud agents or cloud connectors enable Prisma Cloud to retrieve vulnerability data so that you can correlate this data with your AWS asset inventory. (Refer to the Qualys documentation for more information.)
- () For Azure accounts, deploy the Qualys Virtual Scanner Appliance using Microsoft Azure Resource Manager (ARM) (see the Qualys documentation). You can use Qualys Cloud Agents (Windows and Linux) for Azure instances from the Azure Security Center console to view vulnerability assessment findings within Azure Security Center and your Qualys subscription (see Qualys Documentation.)
- () Make sure thatAzure VM Informationis visible in Qualys.
- Set up Qualys Integration on Prisma Cloud.
- Select .
- . A modal wizard opens where you can add the Qualys integration.
- Enter anIntegration NameandDescription.
- Enter theQualys API Server URL (without http[s]).This is theAPI URLfor your Qualys account. When you enter this URL, (http(s)) or the port (:443).
- Enter your QualysUser LoginandPassword.
- Next.
- TestandSavethe integration.The integration will be listed on the Integrations page, where you can enable, disable, or delete integrations as needed.
- View Qualys host vulnerability data in Prisma Cloud.After you configure Prisma Cloud with access to the Qualys findings, you can use RQL queries for visibility in to the host vulnerability information collected by Qualys.
- UseConfig Queryfor visibility for host vulnerabilities.config from cloud.resource where finding.type = 'Host Vulnerability'
Click View theAudit Trailsee the CVE numbers.
ClickHost Findingsfor information related to vulnerabilities. The Source column in Host Findings displays the Qualys icon to help you easily identify the source for the vulnerability findings.
Network Querynetwork from vpc.flow_record where dest.resource IN ( resource where finding.type = 'Host Vulnerability' )
- Use the Qualys APIs on the CLI to confirm if API access is enabled for your account.If you have trouble connecting with Qualys API, enter your username, password, and the URL for the Qualys service in the following Curl examples:curl -H “X-Requested-With: Curl Sample” -u “Username:Password” “https://qualysapi.qg1.apps.qualys.in/api/2.0/fo/scan/?action=list&echo_request=1”curl -k “https://qualysapi.qg1.apps.qualys.in/msp/asset_group_list.php” -u “Username:Password”curl -k -H “X-Requested-With:curl” “https://qualysapi.qg1.apps.qualys.in/api/2.0/fo/scan/stats/?action=list” -u “Username:Password”
Most Popular
