Use the QualysGuard Vulnerability Management Connector to import your vulnerability scan information into Kenna to assist you in reducing risk across your environment.
Currently, Kenna supports the following Qualys PODs:
- Qualys cloud: US1, US2, US3, EU1, EU2, Qualys Canada, and Qualys India
- No support for on-premise/private Qualys clouds
User prereqs/Qualys setup:
- Must have API access
- Must manually log into Qualys once to complete registration
- Kenna will "see" whatever the Qualys user account can access
- User must be a "manager account" in order to pull hierarchical tag data from Qualys
Configuring Your Qualys Connector in Kenna
Once you select the Qualys VM icon from the Kenna Connectors page, you will see a screen like this:
- Enter a name for the connector
- Select the Qualys POD/Region that your Qualys instance resides on
- Enter your Qualys username and password
- Select the frequency that you want to run your Kenna Qualys Connector
- Save & Verify
What Qualys items are turned into Kenna Tags?
The following metadata from Qualys will be converted into tags within Kenna. These tags can then be used during search queries or to create risk meter groups.
- Asset Groups
- Business Units
Vulnerability Date Information
Within Kenna, you will notice several dates in the Vulnerabilities tab. When importing your Qualys data, the following criteria are used to populate these date fields.
- "Found" within Kenna is when Qualys first detected the vulnerability
- "Last Seen" within Kenna is the last date Qualys detected the vulnerability
- "Created" within Kenna is the date the vulnerability was entered into Kenna
Qualys Connector API Calls
The following API calls are performed during a connector run to retrieve the Qualys information and import it into the Kenna Platform.
- Tags: https://qualysapi.qualys.com/qps/rest/2.0/search/am/tag
- Hosts: https://qualysapi.qualys.com:443/api/2.0/fo/asset/host/?action=list&show_tags=1&details=Basic/AGs
- Detections: https://qualysapi.qualys.com:443/api/2.0/fo/asset/host/vm/detection/?action=list&show_tags=1&status=New,Active,Re-Opened,Fixed
The following settings can be enabled on the backend for Qualys Connectors. To get these settings enabled, or for more information, contact your Customer Success Engineer.
- Exclude Non-Running Kernels
  - When this option is enabled, vulnerabilities found on non-running Linux kernels will not be imported.
- Exclude Non-Exploitable Vulnerabilities
  - When this option is enabled, vulnerabilities that are not exploitable due to configuration will not be imported.
- Exclude Informationals
  - When this option is enabled, Kenna will not import vulnerabilities that do not include a CVE.
- Exclude Potential Vulnerabilities
  - When this option is enabled, Kenna will not import potential vulnerabilities.
- Use Qualys Host ID as External ID
  - When this option is enabled, Kenna will use the Qualys Host ID as the External ID.
  - The Qualys Host ID is a unique identifier created when scans are run using agentless tracking or the Qualys Cloud Agent.
  - Users must enable agentless tracking on their Qualys subscription.
- Skip Tags
  - This setting will allow you to NOT create any Tags within Kenna based on the Qualys metadata.
- Tag Reset
  - This setting will assist in keeping your Qualys metadata in sync within Kenna. Each time the connector is run, ALL tags within Kenna will be removed and the Qualys metadata will be re-created.
  - If you have created any manual tags, OR any tags were created from metadata from other connectors, they will be removed and will be refreshed once those connectors run.
- Active Asset Tags
  - This setting ensures that tags used in Tag Reset only come from assets that have not passed the configured asset expiration period. This ensures that old Qualys records are not impacting Kenna data.
- Pass the date a "Re-opened" status is assigned to a vuln into a custom field in Kenna
  - This requires that a custom field be created in Kenna, to which we can write the <date> any specific vulnerability is re-opened in Qualys. This allows tracking for "re-opened" vulns via custom field, given Kenna does not support a "Reopened" status.
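The date mapping and the exclude settings described above can be previewed against a detection export before a connector run. This is an added example, not Kenna's connector code or part of the original page. The sample XML is constructed, `preview_import` is a hypothetical helper, the element names follow the Qualys host detection list output, and treating a value of `0` in `AFFECT_RUNNING_KERNEL` / `AFFECT_EXPLOITABLE_CONFIG` as the exclusion trigger is an assumption about how the settings map to the data.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like a Qualys host detection list response (not real scan data).
SAMPLE = """<HOST_LIST_VM_DETECTION_OUTPUT><RESPONSE><HOST_LIST><HOST>
<ID>1001</ID><IP>10.0.0.5</IP><DETECTION_LIST>
<DETECTION><QID>11111</QID><TYPE>Confirmed</TYPE><STATUS>Re-Opened</STATUS>
<FIRST_FOUND_DATETIME>2023-01-10T08:00:00Z</FIRST_FOUND_DATETIME>
<LAST_FOUND_DATETIME>2023-06-01T08:00:00Z</LAST_FOUND_DATETIME>
<LAST_REOPENED_DATETIME>2023-05-20T08:00:00Z</LAST_REOPENED_DATETIME></DETECTION>
<DETECTION><QID>22222</QID><TYPE>Potential</TYPE><STATUS>Active</STATUS>
<FIRST_FOUND_DATETIME>2023-02-01T08:00:00Z</FIRST_FOUND_DATETIME>
<LAST_FOUND_DATETIME>2023-06-01T08:00:00Z</LAST_FOUND_DATETIME></DETECTION>
<DETECTION><QID>33333</QID><TYPE>Confirmed</TYPE><STATUS>Active</STATUS>
<FIRST_FOUND_DATETIME>2023-03-01T08:00:00Z</FIRST_FOUND_DATETIME>
<LAST_FOUND_DATETIME>2023-06-01T08:00:00Z</LAST_FOUND_DATETIME>
<AFFECT_RUNNING_KERNEL>0</AFFECT_RUNNING_KERNEL></DETECTION>
<DETECTION><QID>44444</QID><TYPE>Confirmed</TYPE><STATUS>New</STATUS>
<FIRST_FOUND_DATETIME>2023-06-01T08:00:00Z</FIRST_FOUND_DATETIME>
<LAST_FOUND_DATETIME>2023-06-01T08:00:00Z</LAST_FOUND_DATETIME>
<AFFECT_EXPLOITABLE_CONFIG>0</AFFECT_EXPLOITABLE_CONFIG></DETECTION>
</DETECTION_LIST></HOST></HOST_LIST></RESPONSE></HOST_LIST_VM_DETECTION_OUTPUT>"""

def preview_import(xml_text, exclude_potential=False,
                   exclude_non_running_kernels=False, exclude_non_exploitable=False):
    """Return the detections that would be kept under the given exclude settings."""
    records = []
    for host in ET.fromstring(xml_text).iter("HOST"):
        for det in host.iter("DETECTION"):
            if exclude_potential and det.findtext("TYPE") == "Potential":
                continue
            # Assumption: "0" in these flags marks a non-running kernel or a
            # configuration that makes the finding non-exploitable.
            if exclude_non_running_kernels and det.findtext("AFFECT_RUNNING_KERNEL") == "0":
                continue
            if exclude_non_exploitable and det.findtext("AFFECT_EXPLOITABLE_CONFIG") == "0":
                continue
            records.append({
                "host_id": host.findtext("ID"),
                "qid": det.findtext("QID"),
                "found": det.findtext("FIRST_FOUND_DATETIME"),     # Kenna "Found"
                "last_seen": det.findtext("LAST_FOUND_DATETIME"),  # Kenna "Last Seen"
                "reopened_on": det.findtext("LAST_REOPENED_DATETIME"),  # custom field value
            })
    return records

if __name__ == "__main__":
    for rec in preview_import(SAMPLE, exclude_potential=True, exclude_non_running_kernels=True):
        print(rec)
```

Comparing the record count with and without each flag shows how much of a scan a backend setting would drop before you ask for it to be enabled.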