Integrate RedLock with Qualys

RedLock integrates with the Qualys platform to ingest and visualize the vulnerability data.
  1. Gather the information that you need to set up Qualys Integration in RedLock.
    • Qualys POD/SOC server API URL. To get the API URL, on your Qualys account, click Help -> About. You can find the Qualys API URL under Qualys Scanner Appliances. While entering this URL into Qualys API Server URL field, leave out :443.
    • The Qualys User should have API Access enabled.
    • The Qualys User should have Manager or Unit Manager role.
    • The Qualys user account should have Vulnerability Management (VM), Cloud Agent (CA), and Asset View (AV) enabled.
    • The Qualys account should have Qualys API and Qualys EC2 API access enabled.
    • Qualys Sensors for AWS cloud, such as Virtual Scanner Appliances, Cloud Agents, AWS Cloud Connectors, and Internet Scanners, have to be set up before you can integrate with RedLock. See Qualys documentation for information.
    • For Azure accounts, deploy the Qualys Virtual Scanner Appliance using Microsoft Azure Resource Manager (ARM). See Qualys documentation.
    • You can use Qualys Cloud Agents (Windows and Linux) for Azure instances from the Azure Security Center console and view vulnerability assessment findings within Azure Security Center and your Qualys subscription. See Qualys documentation.
    • Make sure that Azure VM Information is visible in Qualys.
  2. Set up Qualys Integration in RedLock.
    1. Select Settings > Integrations.
    2. Click +New Integration to create new integrations.
    3. Set the Integration Type as Qualys.
    4. Enter an Integration name and a description.
    5. Enter the API URL of your Qualys account in Qualys API Server URL (without http[s]) that you got in Step 1.
    6. Enter your Qualys User Login and Password.
    7. Click Next and then click Test.
    8. Click Save.
      The integration will be listed on the Integrations page. You can enable, disable, or delete your integration from this page.
  3. View Qualys host vulnerability data in RedLock.
    1. After the RedLock service has access to the Qualys findings, you can use the following RQL queries for visibility into the host vulnerability information collected from Qualys.
      Config Query
      config where hostfinding.type = 'Host Vulnerability' 
      Click on the resource to get information about vulnerabilities. From Audit Trail, you can get the CVE numbers.
      Click Host Findings for information related to vulnerabilities.
      Network Query
      network where dest.resource IN ( resource where hostfinding.type = 'Host Vulnerability' )
  4. If you have trouble connecting to the Qualys API, call these Qualys APIs from the command line to confirm that API access is enabled for your account.
    Replace the User name, Password and URL in the commands with your User name, Password and your Qualys URL. The -k option in the second and third commands turns off TLS certificate verification, so the credentials are sent without confirming the server's identity; leave it out when the server certificate validates.
    curl -H "X-Requested-With: Curl Sample" -u "Username:Password" "https://qualysapi.qg1.apps.qualys.in/api/2.0/fo/scan/?action=list&echo_request=1"
    curl -k "https://qualysapi.qg1.apps.qualys.in/msp/asset_group_list.php" -u "Username:Password"
    curl -k -H "X-Requested-With:curl" "https://qualysapi.qg1.apps.qualys.in/api/2.0/fo/scan/stats/?action=list" -u "Username:Password"
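
Added example, not part of the RedLock or Qualys documentation: a POSIX shell preflight that reduces a copied Qualys URL to the form the Qualys API Server URL field expects (no http[s], no :443) and runs the scan-list check from step 4 with TLS verification on and the password kept off the command line. The function names and the QUALYS_USER / QUALYS_PASS environment variables are assumptions, and the status hints follow generic HTTP semantics rather than Qualys-specific behaviour.

```shell
#!/bin/sh
# Added example: preflight for the "Qualys API Server URL" field and the API check.

# Reduce a value copied from Help -> About to a bare host name:
# no http[s]:// scheme, no path, no :443.
normalize_qualys_url() (
  u="$1"
  u="${u#http://}"; u="${u#https://}"   # field is entered without http[s]
  u="${u%%/*}"                          # drop any path
  u="${u%:443}"                         # leave out :443
  printf '%s\n' "$u"
)

# Accept only a dotted DNS host name so a mistyped value never reaches curl.
is_valid_host() {
  case "$1" in
    ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*..*) return 1 ;;
    *.*) return 0 ;;
    *)   return 1 ;;
  esac
}

# Map the HTTP status of the scan-list call to a next step (generic HTTP meaning).
explain_status() {
  case "$1" in
    200) echo "ok: API access works for this user" ;;
    401) echo "auth: check login, password and the API Access setting" ;;
    403) echo "forbidden: check the user's role and enabled modules" ;;
    000) echo "network: host unreachable or TLS verification failed" ;;
    *)   echo "other: HTTP $1, inspect the response body" ;;
  esac
}

# Scan-list request from step 4, without -k. Credentials reach curl through a
# config read from stdin, so they do not appear in the process list.
# Assumption: the password contains no double quote or backslash.
check_qualys_api() (
  host="$(normalize_qualys_url "$1")"
  is_valid_host "$host" || { echo "invalid: '$host' is not a host name"; exit 2; }
  code="$(printf 'user = "%s:%s"\n' "$QUALYS_USER" "$QUALYS_PASS" |
    curl --silent --output /dev/null --write-out '%{http_code}' --config - \
      -H 'X-Requested-With: preflight' \
      "https://${host}/api/2.0/fo/scan/?action=list")" || true
  explain_status "$code"
)

# Network access happens only when invoked as: sh preflight.sh check <url>
if [ "${1:-}" = "check" ]; then check_qualys_api "${2:-}"; fi
```
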
