Integrate Prisma Cloud with Qualys
Learn how to integrate Prisma™ Cloud with Qualys.
Prisma™ Cloud integrates with the Qualys platform to ingest and visualize vulnerability data for your resources that are deployed on the AWS and Azure cloud platforms.
- Gather the information that you need to set up the Qualys integration on Prisma Cloud.
- You must obtain the Qualys Security Operations Center (SOC) server API URL (also known as or associated with a POD—the point of delivery to which you areassigned and connected for access to Qualys).Get the API URLfrom your Qualys account(). The Qualys API URL is listed underHelpAboutQualys Scanner Appliances. When you enter this URL in as theQualys API Server URL, donot include:443.
- You must provide Qualys userswith the privileges required to enable the integration using the Manager role, the Unit Manager role, or both. You can modify the Manager role to enable read-only access permission if needed. (Refer to the Qualys documentation for details aboutUser Roles Comparison (Vulnerability Management).)
- You must enable Vulnerability Management (VM), Cloud Agent (CA), and Asset View (AV) for Qualys users.
- You must enable Qualys API and Qualys EC2 API access for Qualys users.
- (AWS only)You must configure Qualys Sensors for AWS cloud, such as Virtual Scanner Appliances, Cloud Agents, AWS Cloud Connectors, and Internet Scanners.The cloud agents or cloud connectors enable Prisma Cloud to retrieve vulnerability data so that you can correlate this data with your AWS asset inventory. (Refer to the Qualys documentation for more information.)
- (Azure only) For Azure accounts, deploy the Qualys Virtual Scanner Appliance using Microsoft Azure Resource Manager (ARM)(see the Qualys documentation).You can use Qualys Cloud Agents (Windows and Linux) for Azure instances from the Azure Security Center console to view vulnerability assessment findings within Azure Security Center and your Qualys subscription(see Qualys Documentation.)
- (Azure only) Make sure thatAzure VM Informationis visible in Qualys.
- Set up Qualys Integration on Prisma Cloud.
- Create a+New Integration.
- Set theIntegration TypetoQualys.
- Enter anIntegration NameandDescription.
- Enter theQualys API Server URL (without http[s]).This is theAPI URLfor your Qualys account. When you enter this URL,do not include the protocol (http(s))or the port (:443).
- Enter your QualysUser LoginandPassword.
- Saveyour changes.The integration will be listed on the Integrations dialog, whereyou can enable, disable, or delete integrationsas needed.
- View Qualys host vulnerability data in Prisma Cloud.After you configure Prisma Cloud with access to the Qualys findings, you can use RQL queries for visibility into the host vulnerability information collected by Qualys.
- UseConfig Queryfor visibility for host vulnerabilities.config where hostfinding.type = 'Host Vulnerability'Click a resource to get information about vulnerabilities. ViewtheAudit Trailtosee the CVE numbers.ClickHost Findingsfor information related to vulnerabilities. The Source column in Host Findings displays the Qualys icon to help you easily identify the source for the vulnerability findings.Network Querynetwork where dest.resource IN ( resource where hostfinding.type = 'Host Vulnerability' )
- Use the Qualys APIs on the CLI to confirm if API access is enabled for your account.If you have trouble connecting with Qualys API, enter your username, password, and the URL for the Qualys service in the following Curl examples:curl -H “X-Requested-With: Curl Sample” -u “Username:Password” “https://qualysapi.qg1.apps.qualys.in/api/2.0/fo/scan/?action=list&echo_request=1”curl -k “https://qualysapi.qg1.apps.qualys.in/msp/asset_group_list.php” -u “Username:Password”curl -k -H “X-Requested-With:curl” “https://qualysapi.qg1.apps.qualys.in/api/2.0/fo/scan/stats/?action=list” -u “Username:Password”