Integrate Prisma Cloud with Qualys

Learn how to integrate Prisma™ Cloud with Qualys.
Prisma™ Cloud integrates with the Qualys platform to ingest and visualize vulnerability data for your resources that are deployed on the AWS and Azure cloud platforms.
  1. Gather the information that you need to set up the Qualys integration on Prisma Cloud.
    • You must obtain the Qualys Security Operations Center (SOC) server API URL (also known as or associated with a POD—the point of delivery to which you are assigned and connected for access to Qualys).
      Get the API URL from your Qualys account (Help > About). The Qualys API URL is listed under Qualys Scanner Appliances. When you enter this URL as the Qualys API Server URL, do not include :443.
    • You must provide Qualys users with the privileges required to enable the integration using the Manager role, the Unit Manager role, or both. You can modify the Manager role to enable read-only access permission if needed. (Refer to the Qualys documentation for details about User Roles Comparison (Vulnerability Management).)
    • You must enable Vulnerability Management (VM), Cloud Agent (CA), and Asset View (AV) for Qualys users.
    • You must enable Qualys API and Qualys EC2 API access for Qualys users.
    • (AWS only) You must configure Qualys Sensors for AWS cloud, such as Virtual Scanner Appliances, Cloud Agents, AWS Cloud Connectors, and Internet Scanners.
      The cloud agents or cloud connectors enable Prisma Cloud to retrieve vulnerability data so that you can correlate this data with your AWS asset inventory. (Refer to the Qualys documentation for more information.)
    • (Azure only) For Azure accounts, deploy the Qualys Virtual Scanner Appliance using Microsoft Azure Resource Manager (ARM) (see the Qualys documentation).
      You can use Qualys Cloud Agents (Windows and Linux) for Azure instances from the Azure Security Center console to view vulnerability assessment findings within Azure Security Center and your Qualys subscription (see the Qualys documentation).
    • (Azure only) Make sure that Azure VM Information is visible in Qualys.
  2. Set up Qualys Integration on Prisma Cloud.
    1. Select Settings > Integrations.
    2. Create a +New Integration.
    3. Set the Integration Type to Qualys.
    4. Enter an Integration Name and Description.
    5. Enter the Qualys API Server URL (without http[s]).
      This is the API URL for your Qualys account. When you enter this URL, do not include the protocol (http(s)) or the port (:443).
    6. Enter your Qualys User Login and Password.
    7. Save your changes.
      The integration will be listed on the Integrations dialog, where you can enable, disable, or delete integrations as needed.
  3. View Qualys host vulnerability data in Prisma Cloud.
    After you configure Prisma Cloud with access to the Qualys findings, you can use RQL queries for visibility into the host vulnerability information collected by Qualys.
    1. Use Config Query for visibility into host vulnerabilities.
      config where hostfinding.type = 'Host Vulnerability'
      Click a resource to get information about vulnerabilities. View the Audit Trail to see the CVE numbers.
      Click Host Findings for information related to vulnerabilities. The Source column in Host Findings displays the Qualys icon to help you easily identify the source for the vulnerability findings.
      Network Query
      network where dest.resource IN ( resource where hostfinding.type = 'Host Vulnerability' )
  4. Use the Qualys APIs on the CLI to confirm if API access is enabled for your account.
    If you have trouble connecting with the Qualys API, enter your username, password, and the URL for the Qualys service in the following curl examples:
    curl -H "X-Requested-With: Curl Sample" -u "Username:Password" "https://qualysapi.qg1.apps.qualys.in/api/2.0/fo/scan/?action=list&echo_request=1"
    curl -k "https://qualysapi.qg1.apps.qualys.in/msp/asset_group_list.php" -u "Username:Password"
    curl -k -H "X-Requested-With:curl" "https://qualysapi.qg1.apps.qualys.in/api/2.0/fo/scan/stats/?action=list" -u "Username:Password"
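
The host-name rule from step 2 and the API check from step 4 can be combined in one script. The following is an added example, not taken from the Prisma Cloud or Qualys documentation; the function names and the QUALYS_USER and QUALYS_PASS environment variables are assumptions, and it assumes the integration field takes a bare DNS host name.

```shell
# Added example; function and variable names here are assumptions.

# Reduce a value copied from Qualys (Help > About) to the bare host that the
# "Qualys API Server URL" field expects: no http(s)://, no :443, no path.
normalize_qualys_host() {
    local h="$1"
    h="${h#"${h%%[![:space:]]*}"}"   # trim leading whitespace
    h="${h%"${h##*[![:space:]]}"}"   # trim trailing whitespace
    case "$h" in
        [Hh][Tt][Tt][Pp]://*|[Hh][Tt][Tt][Pp][Ss]://*) h="${h#*://}" ;;
    esac
    h="${h%%/*}"                     # drop any path
    h="${h%:443}"                    # drop the default HTTPS port
    # Anything left that is not a plain DNS name (another port, userinfo,
    # embedded spaces) is rejected rather than silently rewritten.
    if ! printf '%s' "$h" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'; then
        echo "not a bare host name: $1" >&2
        return 1
    fi
    printf '%s\n' "$h" | tr '[:upper:]' '[:lower:]'
}

# Escape backslashes and double quotes for a quoted curl config value.
curl_quote() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }

# Run the scan-list call from step 4 against the normalized host.
# Credentials reach curl through a config read from stdin (-K -), so they do
# not appear in the process list, and -k is omitted so the server certificate
# is verified. Returns 0 only on HTTP 200.
check_qualys_api() {
    local host code
    : "${QUALYS_USER:?set QUALYS_USER}" "${QUALYS_PASS:?set QUALYS_PASS}"
    host="$(normalize_qualys_host "$1")" || return 2
    code="$(printf 'user = "%s:%s"\n' \
                "$(curl_quote "$QUALYS_USER")" "$(curl_quote "$QUALYS_PASS")" |
            curl -sS -K - -o /dev/null -w '%{http_code}' \
                 -H 'X-Requested-With: Curl Sample' \
                 "https://${host}/api/2.0/fo/scan/?action=list&echo_request=1")" || return 3
    [ "$code" = "200" ]
}
```

Call check_qualys_api with the value copied from Qualys; the same normalized host is what goes into the Qualys API Server URL field.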
