Qualys
Qualys is a cloud-based solution that detects vulnerabilities on all networked assets, including servers, network devices (routers, switches, firewalls, etc.), peripherals (IP-based printers or fax machines) and workstations. This article covers Qualys-related capabilities and explains how to integrate Qualys with Cloudaware.
To see how Cloudaware seamlessly integrates with Qualys in action, request a demo.
Cloudaware CMDB and the Breeze agent support the Qualys Vulnerability Scanning Service. The integration supports several use cases:
Qualys as a data source
Qualys Breeze plugin
Qualys as a vulnerability scanning provider
Qualys as a data source
Cloudaware CMDB supports AWS, Azure, and Google Cloud. Using the Qualys API, Cloudaware enhances CMDB inventory data.
For example, for every EC2, Azure, and GCE instance, Cloudaware retrieves the Last Scan Date from Qualys. CMDB users can build reports to identify instances that have never been scanned or have not been scanned recently.
Cloudaware extracts or calculates the following fields from Qualys:
Last Scan Date
Last Scan Result
Critical Vulnerabilities Count
High Vulnerabilities Count
Medium Vulnerabilities Count
Low Vulnerabilities Count
Cloudaware enriches these CMDB object types with Qualys data:
AWS EC2 Instance
Azure VM
Azure Scale Set VM
GCE Instance
Physical Server
VMWare Virtual Machine
In addition, complete vulnerability scan results are downloaded into CMDB. These results include all standard fields from Qualys, such as CVSS Base Score, Risk, Remediation Instructions, and Impact.
Key benefits
Measure scan coverage: identify unscanned instances or those not scanned for a long time.
Create vulnerability reports: combine Qualys data with data from cloud providers and other CMDB sources. For example, group critical vulnerabilities by AWS account owner or application, or filter by cloud provider tags.
Measure metrics such as mean time to remediation (MTTR) and scan frequency.
Establish a complete risk profile by identifying instances with critical vulnerabilities that are also in permissive or public security groups, subnets, or VPCs.
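The coverage, risk-profile, and MTTR reports listed above, sketched as an added example (not Cloudaware's code or query language). The record keys, the sample rows, and the 7-day freshness window are assumptions made for illustration; the extra `blind_spots` check lists public instances whose vulnerability counts cannot be trusted because no current scan exists.

```python
from datetime import datetime, timedelta
from statistics import mean

# Constructed sample rows; keys are hypothetical names for the CMDB fields listed above.
INSTANCES = [
    {"id": "i-aaa", "last_scan": "2024-05-30T02:00:00+00:00", "critical": 3, "public": True},
    {"id": "i-bbb", "last_scan": "2024-05-10T02:00:00+00:00", "critical": 0, "public": False},
    {"id": "vm-ccc", "last_scan": None, "critical": 0, "public": True},
    {"id": "gce-ddd", "last_scan": "2024-05-29T02:00:00+00:00", "critical": 1, "public": False},
]
# Constructed findings: (first detected, fixed); fixed is None while still open.
FINDINGS = [
    ("2024-05-01T00:00:00+00:00", "2024-05-05T00:00:00+00:00"),
    ("2024-05-10T00:00:00+00:00", "2024-05-20T00:00:00+00:00"),
    ("2024-05-25T00:00:00+00:00", None),
]

def _is_current(inst, now, max_age_days):
    """True if the instance has a scan no older than max_age_days."""
    last = inst["last_scan"]
    return last is not None and datetime.fromisoformat(last) >= now - timedelta(days=max_age_days)

def scan_coverage(instances, now, max_age_days=7):
    """Bucket instance ids into never scanned, stale, and current."""
    buckets = {"never": [], "stale": [], "current": []}
    for inst in instances:
        if inst["last_scan"] is None:
            buckets["never"].append(inst["id"])
        elif _is_current(inst, now, max_age_days):
            buckets["current"].append(inst["id"])
        else:
            buckets["stale"].append(inst["id"])
    return buckets

def exposed_criticals(instances):
    """Instances with critical findings that are also publicly reachable."""
    return [i["id"] for i in instances if i["critical"] > 0 and i["public"]]

def blind_spots(instances, now, max_age_days=7):
    """Public instances without a current scan: a zero count here means unknown, not clean."""
    return [i["id"] for i in instances if i["public"] and not _is_current(i, now, max_age_days)]

def mttr_days(findings):
    """Mean days from detection to fix, over closed findings only."""
    closed = [(datetime.fromisoformat(f) - datetime.fromisoformat(d)).days for d, f in findings if f]
    return mean(closed) if closed else None

if __name__ == "__main__":
    now = datetime.fromisoformat("2024-06-01T00:00:00+00:00")
    print(scan_coverage(INSTANCES, now), exposed_criticals(INSTANCES), blind_spots(INSTANCES, now), mttr_days(FINDINGS))
```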
Qualys Breeze plugin
Cloudaware Breeze is an agent that can be optionally deployed to cloud compute, virtual, and on-prem instances. Breeze collects OS-level data, including installed packages, patches, services, users, and performance metrics.
The Breeze agent provides several Qualys-related capabilities:
Discover and interrogate the Qualys Agent state and version.
Qualys is supported software in Breeze’s software asset management capability. CMDB users can use Breeze agent data to create software asset inventory reports showing which versions of Qualys are installed. In addition, Breeze catalogs the state of the Qualys Agent - whether it is running or not.
Install, uninstall, or configure the Qualys Agent.
In DevOps mode, Breeze can install and configure the Qualys Agent in addition to monitoring its state. If the agent is corrupt or missing, not starting, or otherwise malfunctioning, Breeze reinstalls it to enforce the desired state. Breeze supports Qualys Agent deployment on all Breeze-supported operating systems.
License management
The Breeze agent coordinates with CMDB to manage Qualys Agent registration and de-registration. During registration, CMDB provides Breeze with Qualys registration keys based on instance attributes such as cloud account ID, VPC, or application name.
When CMDB detects instances that have been stopped or terminated for more than 24 hours, it issues a de-registration request directly to the Qualys API.
When the server restarts, Breeze re-registers the Qualys Agent automatically.
Vulnerability scanning provider
Cloudaware offers Vulnerability Scanning as a Service (VSaaS). With VSaaS, Cloudaware ensures that all infrastructure is scanned at least once per week.
Cloudaware VSaaS supports Qualys as the vulnerability scanning provider. The Breeze agent automatically deploys the Qualys Agent and performs at least one scan every 7 days.
When subscribing to VSaaS, customers can either bring their own Qualys licenses or use licenses provided by Cloudaware.
Permissions and settings
If Qualys is used only as a data source, the Reader role is sufficient for Cloudaware (see User Roles Comparison).
If Cloudaware or Breeze manages agent deployment, activation, and deactivation, the Cloudaware user needs additional permissions to install, uninstall, and activate/deactivate agents.
Setup in Cloudaware
Log in to Cloudaware → Admin.
Find Qualys in Security integrations. Click +ADD.
Fill out the form:
WHERE
Name – a name for the Qualys integration
API URL – the valid Qualys API URL with the correct platform identifier
Username – the Qualys username
Password – the Qualys password
Click SAVE.
A green light in the ‘Status’ column indicates successful configuration. If the light is red, contact support@cloudaware.com.