QualysWAS Connector

Qualys Web Application Scanning (WAS) is a cloud-based service that provides automated crawling and testing of custom web applications to identify vulnerabilities including cross-site scripting (XSS), SQL injections, and more.

Kenna.AppSec users can use the QualysWAS Connector to import their web-application scan information into Kenna to help reduce risk across their applications.

Platform support:

Currently, Kenna supports the following QualysWAS Regions:

  • Qualys cloud: US1, US2, US3, EU1, EU2, Qualys Canada, and Qualys India

  • No support for on-premise/private Qualys clouds

User prereqs/Qualys setup:

  • Must have API access

  • Must manually log into Qualys once to complete registration

  • Kenna will "see" whatever the Qualys user account can access

Configuring Your Qualys Connector in Kenna

Once you select the Qualys VM icon from the Kenna Connectors page, you will see a screen like this:

[Screenshot: QualysWAS connector configuration screen]

  • Enter a name for the connector - or leave it as the default QualysWAS

  • Select the Qualys POD/Region that your Qualys instance resides on

  • Enter your Qualys username and password

  • Select the frequency that you want to run your Kenna QualysWAS Connector (We suggest the same cadence at which you run scans)

  • Save & Verify

  • Tip: At this time you can also enter a custom asset inactivity limit that would apply to all data ingested via the connector. We recommend 2-3x the scan frequency.

What QualysWAS items are synced with Kenna items?

QualysWAS Field                          | Kenna Field            | Notes
-----------------------------------------|------------------------|------------------------------------------------------------
finding > webApp > name                  | Application identifier | Search for the Application identifier in Kenna by using the custom query box and typing application:"" with the application name between the quotes.
finding > url                            | URL                    |
source_asset_id                          | External ID            |
root > os                                | Operating System       |
N/A                                      | Vulnerability Status   | Vulnerability status is Open or Closed. We do not map False Positives or Triage States. Open vulnerabilities are reported in application scan reports. Closed vulnerabilities are excluded from the report, and Kenna auto-closes them.
Reference                                | Vulnerability Name     |
finding > severity                       | scanner_score          | 1-5
qid                                      | CWE                    |
qid                                      | WASC ID                | As relevant. Some QIDs will bring WASC items.
Fix Hash > solution                      | Solution               |
Fix Hash > diagnosis                     | Description            |
firstDetectedDate                        | Found On               |
lastDetectedDate                         | Last Seen              |
Tag Node 'Source Asset-Application Name' | Tags**                 | These items are turned into Tags in Kenna.
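To make the mapping in the table concrete, here is an added example (not Kenna's or Qualys's own connector code) that turns one QualysWAS finding into a record keyed by the Kenna field names above. The nested finding layout, the status strings, and the key names `source_asset_id`, `name`, `fixHash` and `root` are assumptions that follow the table's path notation; the QID lookup table and the sample findings are constructed, not real Qualys data. The example also shows the two edge cases the table calls out: a finding whose status is neither Open nor Closed is left unmapped, and a severity outside 1-5 is rejected rather than stored as a scanner_score.

```python
"""Map a QualysWAS finding to the Kenna fields listed in the table above.

Added example, not Kenna's or Qualys's own connector code. The nested
finding structure, the status strings and the key names "source_asset_id",
"name", "fixHash" and "root" are assumptions that follow the table's path
notation; the QID-to-CWE/WASC lookup below is constructed, not real data.
"""
from datetime import datetime

# Constructed lookup standing in for Qualys knowledge-base data.
# The QIDs and their CWE/WASC values here are placeholders, not real values.
QID_LOOKUP = {
    150001: {"cwe": "CWE-79", "wasc": "WASC-8"},
    150002: {"cwe": "CWE-89", "wasc": None},
}

# Assumed QualysWAS status strings. Anything else (false positives, triage
# states) is left unmapped, as the Vulnerability Status note in the table says.
STATUS_MAP = {"OPEN": "open", "CLOSED": "closed"}


def parse_qualys_ts(value):
    """Parse an ISO-8601 timestamp such as 2023-05-01T12:00:00Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def map_finding_to_kenna(finding):
    """Return a dict keyed by the Kenna field names from the table, or None
    when the finding's status is not Open/Closed."""
    status = STATUS_MAP.get(finding.get("status"))
    if status is None:
        return None
    severity = int(finding["severity"])
    if not 1 <= severity <= 5:
        raise ValueError(f"severity outside the 1-5 range: {severity}")
    knowledge = QID_LOOKUP.get(finding["qid"], {})
    fix = finding.get("fixHash", {})
    app_name = finding["webApp"]["name"]
    # Tag node 'Source Asset-Application Name', plus any tags applied directly
    # to the web application in QualysWAS (those come over as normal tags).
    tags = [f"Source Asset-{app_name}"]
    tags += [t["name"] for t in finding["webApp"].get("tags", [])]
    return {
        "application": app_name,
        "url": finding["url"],
        "external_id": finding["source_asset_id"],
        "operating_system": finding.get("root", {}).get("os"),
        "status": status,
        "vulnerability_name": finding["name"],
        "scanner_score": severity,
        "cwe": knowledge.get("cwe"),
        "wasc_id": knowledge.get("wasc"),
        "solution": fix.get("solution"),
        "description": fix.get("diagnosis"),
        "found_on": parse_qualys_ts(finding["firstDetectedDate"]),
        "last_seen": parse_qualys_ts(finding["lastDetectedDate"]),
        "tags": tags,
    }


def map_findings(findings):
    """Map a batch of findings, skipping those whose status is not mapped."""
    mapped = [map_finding_to_kenna(f) for f in findings]
    return [m for m in mapped if m is not None]


# Constructed sample findings (not real scan output).
SAMPLE_FINDINGS = [
    {
        "webApp": {"name": "Storefront", "tags": [{"name": "PCI"}]},
        "url": "https://shop.example.test/search?q=1",
        "source_asset_id": "wa-1001",
        "root": {"os": "Linux"},
        "status": "OPEN",
        "name": "Reflected Cross-Site Scripting",
        "severity": "4",
        "qid": 150001,
        "fixHash": {"solution": "Encode output.", "diagnosis": "Parameter q is reflected unencoded."},
        "firstDetectedDate": "2023-05-01T12:00:00Z",
        "lastDetectedDate": "2023-06-01T08:30:00Z",
    },
    {
        "webApp": {"name": "Storefront"},
        "url": "https://shop.example.test/login",
        "source_asset_id": "wa-1001",
        "status": "FALSE_POSITIVE",  # assumed triage state; not mapped
        "name": "SQL Injection",
        "severity": "5",
        "qid": 150002,
        "firstDetectedDate": "2023-05-01T12:00:00Z",
        "lastDetectedDate": "2023-06-01T08:30:00Z",
    },
]

if __name__ == "__main__":
    for record in map_findings(SAMPLE_FINDINGS):
        print(record["application"], record["url"], record["status"],
              record["scanner_score"], record["tags"])
```

Running the block prints only the first sample finding; the false-positive one is dropped before it reaches the Kenna record shape, which is the behaviour the Vulnerability Status note describes.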

Which QualysWAS Items Does Kenna Leave Out?

  • **Hierarchical tags on WAS are not automatically passed over via the API calls we make to QualysWAS.
    • Unlike the QualysGuard connector, where we use the additional 'Tags' endpoint to fetch hierarchical tags (normal asset tags come over from the Hosts endpoint), QualysWAS does not auto-import Hierarchical Tags.
    • If you would like Hierarchical tags to be passed along, they will need to be manually applied to the applications themselves in QualysWAS. Kenna will then pick these up as normal Tags.
  • Custom Fields
    • Kenna does not import custom field information.

What API Calls Are Involved?

The API endpoints we leverage are:

qps/rest/3.0/count/was/webapp

host:port/qps/rest/3.0/search/was/wasscan

host:port/qps/rest/3.0/download/was/wasscan/{scan_id}

 

Optional Settings

The following settings can be enabled on the backend for QualysWAS Connectors. To get these settings enabled or for more information contact your Customer Experience (CX) team.

  • Exclude Non-Exploitable Vulnerabilities

    • When this option is enabled, vulnerabilities that are not exploitable due to configuration will not be imported.

  • Exclude Informationals

    • When this option is enabled, Kenna will not import vulnerabilities that do not include a CVE or CWE.

  • Filter Potential Vulnerabilities

    • When this option is enabled, Kenna will not import potential vulnerabilities.

  • Skip Tags 

    • This setting will allow you to NOT create any Tags within Kenna based on the Qualys metadata.

  • Tag Reset

    • This setting will assist in keeping your Qualys metadata in sync within Kenna. Each time the connector is run, ALL tags within Kenna will be removed and the Qualys metadata will be re-created.

    • If you have created any manual tags, or any tags were created from metadata from other connectors, they will be removed as well and will be refreshed once those connectors run.

  • Ignore Scanner Last Seen Time

    • Enable this if you do not want the asset last seen time in Kenna to be the last seen time reported by the scanner.

  • Custom Ordered Locators

    • Locators (IP, Netbios, FQDN, etc) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information see the help article here.
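The settings above change what the connector imports and how it handles tags and timestamps. The following added example (not Kenna's own code) shows the effect of each setting on records that have already been mapped to Kenna's shape. The record keys and the boolean `exploitable` and `potential` flags are assumptions standing in for whatever the connector reads from Qualys; the sample records are constructed. The Tag Reset function is the one worth studying: it drops every existing tag on the asset, manual ones included, before the Qualys metadata is re-applied, exactly as the setting's description warns.

```python
"""Effect of the optional backend settings on already-mapped records.

Added example, not Kenna's own code: the record keys and the boolean
"exploitable" and "potential" flags are assumptions used to stand in for
whatever the connector reads from Qualys. Sample records are constructed.
"""
from datetime import datetime, timezone


def apply_import_filters(records, exclude_non_exploitable=False,
                         exclude_informationals=False, filter_potential=False):
    """Drop records that the enabled settings say should not be imported."""
    kept = []
    for rec in records:
        if exclude_non_exploitable and not rec.get("exploitable", True):
            continue  # Exclude Non-Exploitable Vulnerabilities
        if exclude_informationals and not (rec.get("cve") or rec.get("cwe")):
            continue  # Exclude Informationals: no CVE and no CWE
        if filter_potential and rec.get("potential", False):
            continue  # Filter Potential Vulnerabilities
        kept.append(rec)
    return kept


def asset_last_seen(rec, run_time, ignore_scanner_last_seen=False):
    """Pick the asset last-seen time: the scanner's value by default, or the
    connector run time when Ignore Scanner Last Seen Time is enabled."""
    return run_time if ignore_scanner_last_seen else rec["last_seen"]


def sync_tags(existing_tags, qualys_tags, skip_tags=False, tag_reset=False):
    """Compute the tags an asset carries after a connector run.

    existing_tags: tags already on the asset in Kenna (manual ones and
    ones created from other connectors' metadata). Tag Reset removes ALL
    of them first; Skip Tags stops Qualys metadata from becoming tags.
    """
    tags = set() if tag_reset else set(existing_tags)
    if not skip_tags:
        tags |= set(qualys_tags)
    return sorted(tags)


# Constructed sample records (not real scan data).
SCAN_TIME = datetime(2023, 6, 1, 8, 30, tzinfo=timezone.utc)
RUN_TIME = datetime(2023, 6, 2, 9, 0, tzinfo=timezone.utc)
SAMPLE_RECORDS = [
    {"id": 1, "cwe": "CWE-79", "exploitable": True, "potential": False, "last_seen": SCAN_TIME},
    {"id": 2, "cve": None, "cwe": None, "exploitable": True, "potential": False, "last_seen": SCAN_TIME},
    {"id": 3, "cwe": "CWE-89", "exploitable": True, "potential": True, "last_seen": SCAN_TIME},
    {"id": 4, "cwe": "CWE-22", "exploitable": False, "potential": False, "last_seen": SCAN_TIME},
]


def kept_ids(**settings):
    """Convenience wrapper: ids that survive the given filter settings."""
    return [r["id"] for r in apply_import_filters(SAMPLE_RECORDS, **settings)]


if __name__ == "__main__":
    print("default:", kept_ids())
    print("all filters:", kept_ids(exclude_non_exploitable=True,
                                   exclude_informationals=True,
                                   filter_potential=True))
    print("tag reset:", sync_tags(["manual:owner-team"], ["PCI"], tag_reset=True))
```

With every filter enabled only record 1 survives: record 2 has neither CVE nor CWE, record 3 is only a potential finding, and record 4 is not exploitable. Note that Skip Tags and Tag Reset combine: with both on, the asset ends the run with no tags at all.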

Common Reasons for QualysWAS Connector Failures:

  • Bad credentials

  • No reports are found (Kenna will abort the run)

  • Failed API calls

  • Inability to process unexpected data or formats

  • If more than 1% of connector payloads fail, Kenna will auto-fail the Connector Run.

  • Uncommon reason: if your QualysWAS license is a trial license, Kenna may run into API blocks and subsequently import 0 records. The API call succeeds but returns zero records even if data is present. To solve this, you will need to have your deployment upgraded to a regular subscription, which prevents data in the platform from being overwritten by 0-payload connector runs.

Additional Assistance:

Please contact Kenna Support should you require any additional assistance with the QualysWAS Connector(s).
