Qualys AssetView (AV) is a cloud-based asset inventory service that provides visibility and actionable data on global IT assets in an organization.
To import your Asset Data from QualysAV to Cisco Vulnerability Management, you will need to use the QualysAV Connector under the Discovery section in the Cisco Vulnerability Management UI.
Important: QualysAV is not a connector that is available in the default Connectors Page view. If you are interested in using this connector, contact your CX team or Cisco Support who can enable the Connector for you.
The QualysAV Connector is an incremental connector run by default. If you would like Cisco to initiate a full connector run, contact your CX team or Cisco Support. The first QualysAV run is a Full-Run by default, and incremental thereafter.
User Prerequisites/Connector Setup
-
Given that QualysAV is a cloud based service, no VT or Agent is required.
-
The service account you want to leverage will import all data available. If the Service Account cannot see all assets you want to import, you will need to modify permissions for the service account in Qualys.
-
You must be a Cisco Vulnerability Management administrator
Configuring your Connector in Cisco Vulnerability Management
1. In the Cisco Vulnerability Management UI, click Connectors.
2. Click Add Connector.
3. in the Discovery section, click Qualys AssetView.
4. On the Qualys AssetView page, enter the following information:
-
Name: Enter a name for the connector, or leave it as “Qualys AssetView”.
-
Username and Password: Enter the credentials for the service account that you want to use.
-
Schedule: Select the frequency that you’d like your Connector to run. (Cisco recommends running CMDB/Asset Data connectors as often as you update these items in those tools).
-
Asset Inactivity Limit: enter a time in days for the connector level asset inactivity limit.
5. Click Save and Verify.
If you’d like to set a connector level asset inactivity limit, you can do that at this time, or later.
Note: Assets that the Qualys AssetView connector sees should not have their asset last seen times updated by the connector. This is because QualysAV does not bring in Vulnerability Data. We do not want to give the false impression that an asset has been scanned more recently than your last actual vulnerability scan.
What Qualys Asset View Items does Cisco Vulnerability Management Import and what API Calls are involved?
Cisco Vulnerability Management will import all of the data associated with the user leveraged for the connector.
Qualys Field |
Cisco Vulnerability Management Field |
Notes |
---|---|---|
-- |
Last Seen |
This field is skipped by default with Qualys Asset View. Assets that are seen by the Qualys AssetView connector should not have their asset last seen times updated by the connector. This is because QualysAV does not bring in Vulnerability Data. We do not want to give the false impression that an asset has been scanned more recently than your last vulnerability scan. |
qweb_id |
external_id |
|
dns_hostname |
hostname |
|
address |
ip_address |
|
netbios |
netbios |
|
port.number |
port |
|
Optional Settings
The following settings can be enabled on the backend for Qualys AssetView Connectors. To have these settings enabled, or for more information, please contact Support, or your Customer Success Engineer.
Skip Tags
- This setting enables you to not create any Tags in Cisco Vulnerability Management based on the scanner metadata.
Custom Ordered Locators
- Locators (such as IP, Netbios, and FQDN) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information see the help article here.
Set Page Size
- Page size by default is 1000. If you want to change this to a different value, Cisco Support or CX can do this for select connectors, including QualysAV.
Common Reasons for QualysAV Connector Run Failures
- Bad Credentials. If you enter the incorrect connector credentials during the connector setup, Cisco Vulnerability Management will not have access to the environment to make the API calls.
- If no reports are found, Cisco Vulnerability Management will abort the Connector run, rather than fail it outright.
- If an API call fails (no data available, or other reasons).
- If Cisco Vulnerability Management receives data that is not in the expected format and we are unable to process it, the connector will fail.
- If more than 1% of connector payloads fail to import cleanly, Cisco Vulnerability Management will auto-fail the Connector Run
Additional Assistance
Contact Support if you require any additional assistance with the QualysAssetView Connector.
Comments
Please sign in to leave a comment.