Adding a Qualys detection scanner

Add a Qualys detection scanner to use an API to query across multiple scan reports to collect vulnerability data for assets. The Qualys detection scanner uses the QualysGuard Host Detection List API .

Procedure

  1. Click the Admin tab.
  2. Click the VA Scanners icon.
  3. Click Add.
  4. In the Scanner Name field, type a name to identify your Qualys detection scanner.
  5. From the Managed Host list, select an option that is based on one of the following platforms:
    • On the QRadar® Console, select the managed host that is responsible for communicating with the scanner device.
    • On QRadar on Cloud, if the scanner is hosted in the cloud, the QRadar Console can be used as the managed host. Otherwise, select the data gateway that is responsible for communicating with the scanner device.
  6. From the Type list, select Qualys Detection Scanner.
  7. Configure the following parameters:
    Parameter Description
    Qualys Server Host Name The Fully Qualified Domain Name (FQDN) or IP address of the QualysGuard management console. If you type the FQDN, the host name and not the URL, for example, type qualysapi.qualys.com or qualysapi.qualys.eu.
    Qualys Username The user name that you specify must have access to download the Qualys KnowledgeBase. For more information about how to update Qualys subscription, see your Qualys documentation.
    Qualys Password The password for your Qualys login.
    Operating System Filter The regular expression (regex) to filter the scan data by the operating system.
    Asset Group Names A comma-separated list to query IP addresses by the asset group name.
    Host Scan Time Filter (Days) Host scan times that are older than the specified number of days are excluded from the results that Qualys returns.
    Qualys Vulnerability Retention Period (Days) The number of days that you want QRadar to store the Qualys Vulnerability Knowledge Base. If a scan is scheduled and the retention period is expired, the system downloads an update.
    Force Qualys Vulnerability Update Forces the system to update to the Qualys Vulnerability Knowledge Base for each scheduled scan.
  8. To configure a proxy, select the Use Proxy check box and configure the credentials for the proxy server.
  9. To configure a client certificate, select the Use Client Certificate check box and configure the Certificate File Path field and Certificate Password fields.
  10. Configure a CIDR range for your scanner, configure the CIDR range parameters and click Add.
    Restriction: The QualysGuard Host Detection List API accepts only CIDR ranges to a maximum of a single class A or /8 and must not encompass the local host IP address (127.0.0.1) or 0.0.0.0.
  11. Click Save.
  12. On the Admin tab, click Deploy Changes. Changes to the proxy configuration require a Deploy Full Configuration.