Skip to main content
Qualys Connection

This article walks through the details of configuring Qualys to connect to Drata.

Updated over a month ago

Connecting Qualys to Drata allows for the automated, continuous monitoring of SLA due dates and evidence collection of vulnerabilities issues required for compliance.

This integration automates evidence collection for the Vulnerability Scanning test, which is mapped to DCF-18 by default. You can view findings by selecting the View Findings button after connecting or navigating directly to the Vulnerabilities page through the left-side navigation menu.

Prerequisite

  • Create a Qualys user account in the Vulnerability Management module. It is recommended to create an user account specifically for this access to ensure proper auditing and access controls without impacting other users.

    1. Log into your Qualys console. Under the Vulnerability Management module, select the “Users” tab.

    2. In the top right of the User table, select "New" then "User".

    3. Enter a first name and last name (such as “API”, “User”) and then attach a valid email address within your organization; this can be an alias or service account.

      • Role: Reader.

      • Access section: Enable both GUI and API access.

      • Business Unit section: Assign the relevant Business Unit based on the data the account will access. If you are unsure, you can select Unassigned.

      • Asset Groups section: Assign all relevant Asset Groups that the account needs to access. In many cases, select All Asset Groups.

      • Permissions section: Select the Manage VM Module (Vulnerability Management) option.

      • Notifications section: Uncheck all notification options. No notifications are required for this configuration.

      • Two-Factor Authentication section: Disable or uncheck the Symantec VIP option.

    4. Once the user is created, you will receive an email with a link to activate the account. Select the link and a password will be provided for the new user.

      • Log in to the Qualys console with the new user to finish the activation process.

    5. Ensure CVSS data is enabled.

      • Go to the Vulnerability Management module and select Reports tab then Setup tab.

      • Open the CVSS tile.

      • Ensure that the Enable CVSS Scoring checkbox is checked. (There is an image to show this setting. I will add it in the comment.)

Note: Drata will pull up to 1,000 new or updated vulnerabilities for each connection daily, ordered by severity from critical to low. You can select what kind of vulnerabilities will be synced based on the severity when connecting.

Connect Qualys to Drata

  1. Select Connections from the left-side navigation menu.

  2. Go to the Available Connections tab and search for "Qualys".

    • Alternatively, you can select Vulnerability Scanning under the Types section of the connections to search for the connection.

  3. In the connection drawer, you can select the severity and the date of the vulnerabilities you want to sync. These selections will also be included in the test result report for visibility.

    • Severity of vulnerabilities: Select the severity level of the vulnerabilities that you want to sync into Drata for compliance monitoring. Critical and High are auto-selected. Drata will bring up to 1000 new vulnerabilities or updates to vulnerabilities, sorted by severity.

    • First seen on: Select the date when the vulnerabilities you want to sync were first created. All vulnerabilities detected on and after this date will be synced.

  4. Select the connect button to proceed.

  5. Enter the required fields:

    • Username: Enter the name displayed in the Login column in Qualys that is related to the newly created account.

      • You can find the Login column on the Qualys Users page.

    • Password: Enter the related password.

Once the connection is successfully created, you can select the View Findings button on the connection card or navigate to the Vulnerabilities page to review and manage the synced vulnerabilities for compliance monitoring. Learn more at Vulnerabilities help article.


Did this answer your question?