Qualys AssetView (AV) is a cloud-based asset inventory service that provides visibility and actionable data on global IT assets within an organization.
To import your Asset Data from QualysAV to the Cisco Vulnerability Management Platform, you will need to leverage the QualysAV Connector under the “Discovery” category on the Connectors page.
Important: QualysAV is not a connector that is available in the default Connectors Page view. If you are interested in utilizing this connector, please speak with your CX team or Support to enable the Connector. They will be able to enable the Connector for your use.
The QualysAV Connector is an incremental connector run by default. If you would like us (Cisco) to initiate a full connector run, please contact your CX team or Support. The first QualysAV run is a Full-Run by default, and incremental thereafter.
User Prerequisites/Connector Setup:
-
Given that QualysAV is a cloud based service, no VT or Agent is required.
-
The service account you wish to leverage will import all data available. If the Service Account cannot see all assets you wish to import, you will need to modify permissions for the service account within Qualys.
Configuring your Connector in Cisco Vulnerability Management
To set up the Connector, navigate to the Connectors tab in your Cisco Vulnerability Management deployment (you must be a Cisco Vulnerability Management Administrator to do so). On the Connectors page, select Qualys AssetView.
Once you select Qualys AssetView, the following screen will appear:

-
Enter a name for the connector, or leave it as “Qualys AssetView” if you wish.
-
Enter the username and password for the service account you wish to leverage.
-
Schedule the Connector. Select the frequency at which you’d like your Connector to run. (we recommend running CMDB/Asset Data connectors as often as you update these items in those tools).
-
Click Save and Verify.
-
If you’d like to set a connector level asset inactivity limit, you can do that at this time, or later.
Note: Assets that are seen by the Qualys AssetView connector should not have their asset last seen times updated by the connector. This is because QualysAV does not bring in Vulnerability Data. We do not want to give the false impression that an asset has been scanned more recently than your last actual vulnerability scan.
What Qualys Asset View Items does Cisco Vulnerability Management Import and what API Calls are involved?
Cisco Vulnerability Management will import all of the data associated with the user leveraged for the connector. We will pull:
Qualys Field |
Cisco Vulnerability Management Field |
Notes |
---|---|---|
-- |
Last Seen |
This field is skipped by default with Qualys Asset View. Assets that are seen by the Qualys AssetView connector should not have their asset last seen times updated by the connector. This is because QualysAV does not bring in Vulnerability Data. We do not want to give the false impression that an asset has been scanned more recently than your last vulnerability scan. |
qweb_id |
external_id |
|
dns_hostname |
hostname |
|
address |
ip_address |
|
netbios |
netbios |
|
port.number |
port |
|
Optional Settings
The following settings can be enabled on the backend for Qualys AssetView Connectors. To have these settings enabled, or for more information, please contact Support, or your Customer Success Engineer.
-
Skip Tags
-
This setting will allow you to NOT create any Tags within Cisco Vulnerability Management based on the scanner metadata.
-
-
Custom Ordered Locators
-
Locators (IP, Netbios, FQDN, etc) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information see the help article here.
-
-
Set Page Size
-
Page size by default is 1000. If you wish to change this to a different value, Support or CX can do this for select connectors, including QualysAV.
-
Common Reasons for QualysAV Connector Run Failures
- Bad Credentials
- If you enter the incorrect connector credentials during the connector setup, we will not have access to the environment to make the API calls.
- If no reports are found we will abort the Connector run, rather than fail it outright
- If an API call fails (no data available, or other reasons)
-
Unexpected data returned
-
If Cisco Vulnerability Management receives data that is not in the expected format and we are unable to process it, the connector will fail.
-
-
If more than 1% of connector payloads fail to import cleanly, Cisco Vulnerability Management will auto-fail the Connector Run
Additional Assistance:
Please contact Support should you require any additional assistance with the QualysAssetView Connector.
Comments
Please sign in to leave a comment.