Adding a Qualys scheduled import scan report
Add a scan report data import to schedule IBM QRadar to retrieve scan reports from your Qualys scanner.
Procedure
- On the Admin tab, click the VA Scanners icon, and then click Add.
- In the Scanner Name field, type a name to identify your Qualys scanner.
- Give your Qualys scanner a name and description.
- From the Type list, select Qualys Scanner.
-
Configure the following parameters:
Parameter Description Qualys server host name The fully qualified domain name (FQDN) or IP address of the QualysGuard management console. If you type the FQDN, the host name and not the URL, use the following syntax qualysapi.qualys.com or qualysapi.qualys.eu. Qualys username The user name that you specify must have access to download the Qualys KnowledgeBase. For more information about how to update Qualys subscription, see your Qualys documentation. Qualys password The password for your Qualys login. - If you use a proxy server, select the Use Proxy check box and configure the credentials for the proxy server.
- If a client certificate is required for your Qualys account, select the Use Client Certificate check box and configure the Certificate File Path field and Certificate Password fields.
- From the Collection Type list, select Scheduled Import - Scan Report. This option pulls in the scan results from the Scans tab of the Qualys Enterprise console.
-
Configure the following parameters:
Parameter Description Option Profiles The name of the option profile to determine which scan to start. QRadar retrieves the completed live scan data after the live scan completes. Live scans support only one option profile name per scanner configuration. Scan Report Name Pattern The regular expression (regex) to filter the list of scan reports. Max Reports Age (Days) Files that are older than the specified days and time stamp on the report file are excluded when the schedule scan starts. Import File The directory path to download and import a single scan report from Qualys, for example, /qualys_logs/test_report.xml. If you specify an import file location, QRadar downloads the contents of the asset report from Qualys to a local directory and imports the file. If you leave this field blank, or if the file or directory cannot be found, the Qualys scanner uses the API to retrieve the asset report by using the value in the Options Profile field. - To create custom vulnerabilities from the live scan data, select the Enable Custom Vulnerability Creation check box, and then select options that you want to include.
- To configure a CIDR range for your scanner, configure the CIDR range parameters and click Add.
- Click Save.