Qualys Integration

Asset Manager improves your Qualys Enterprise server's coverage by comparing Qualys-subscribed and Qualys-scanned IPs with Asset Manager-indexed hosts in the same network space. Qualys receives current endpoint data from Asset Manager at every polling interval, so Qualys can extend its service across the whole network space, closing gaps in coverage and providing Qualys Management comprehensively to Qualys customers.

The Qualys integration also supports Asset Manager's new Qualys Management dashboard, which provides device details on IPs managed by Qualys, IPs managed by Asset Manager, and IPs managed by both services. 

  1. At your Asset Manager Command Center GUI, browse to Settings > Integrations > Qualys.
    Note:
    The Qualys Integration is configured from a Command Center's web interface (GUI) only and not its command-line interface (CLI).
  2. Complete the form as follows:
    1. Toggle the status indicator to On to enable the Qualys integration.
    2. Set the Polling Interval.
      The default value of 24 hours is generally appropriate and can also be adjusted later, if desired.
    3. Enter the name of your Qualys server.
    4. Enter the login credentials to it (i.e., Username and Password).
    5. Set your Auto-Subscribe preference:
      1. Select the Auto-Subscribe option to automatically push Asset Manager-indexed endpoints to the subscription pool managed by Qualys. This expands Qualys' subscription pool by incorporating Asset Manager-indexed hosts.
      2. Clear the Auto-Subscribe option to do two things:
        1. Create an asset group on Qualys that represents hosts that are both Asset Manager-indexed AND Qualys-subscribed, yet are not in the Qualys Scan group.
        2. Push the diff to the Qualys server; that is, the hosts that are both Asset Manager-indexed and Qualys-subscribed yet are not in the Qualys Scan group.
    6. Click Submit to save the configuration.

Once you have done so, Asset Manager-indexed devices that Qualys doesn't know about are incorporated into Qualys' Managed and Subscription management services. The integration runs at each polling interval and pushes refreshed endpoint data to the Qualys server.

Here's how it works:

    1. At every polling interval, Asset Manager retrieves a list of Scanned/Managed hosts (yellow) and a list of Subscribed hosts (red) from Qualys. This information populates two tables on Asset Manager (i.e., qualys_scanned_ips table and qualys_subscribed_ips table) and ultimately feeds the Qualys Management dashboard on Asset Manager.


      Legend
      Blue - Asset Manager-Indexed IPs
      Red - Qualys-Subscribed IPs
      Yellow - Qualys-Scanned/Managed IPs
      Note: Qualys-Scanned/Managed hosts (yellow) are always a subset of Qualys-Subscribed hosts (red).



      1. At the first polling interval, Asset Manager creates an asset group container on the Qualys server called Asset Manager_Spectre_DISCOVERED.

      2. Asset Manager checks and refreshes the contents of the Asset Manager_DISCOVERED asset group at every subsequent polling interval.
         Note: This is different from IPsonar, where a new asset group is created each time a report is generated.
      3. Asset Manager ingests all of the IPs on Asset Manager_DISCOVERED to the qualys_scanned_ips table on Asset Manager.



      4. Asset Manager ingests all Subscribed IPs from Qualys' server to Asset Manager's qualys_subscribed_ips table.

    2. Additionally, when an Asset Manager user enables Auto-Subscribe (i.e., Settings > Integrations > Qualys > Auto-Subscribe), several events happen:

      1. First, Asset Manager-Indexed hosts (blue) not present in Qualys' Subscribed list (red) are added to Qualys' Subscribed list (red).

      2. Asset Manager then identifies hosts in the Qualys Subscribed list (red) that are not in the Qualys Managed list (yellow) and pushes those to the Asset Manager_DISCOVERED asset list on Qualys.

    3. When an Asset Manager user disables Auto-Subscribe, IPs that are common to both Asset Manager-Indexed and Qualys-Subscribed but are not in Qualys-Managed are added to Asset Manager_DISCOVERED.

    4. Widgets on Asset Manager's Qualys Management dashboard are populated using a combination of IPs indexed by Asset Manager and IPs from the qualys_scanned_ips table and the qualys_subscribed_ips table, as follows:

    Widget Label, followed by its Description:

    IPs Unmanaged by Qualys
      IPs indexed by Asset Manager yet unmanaged by Qualys
      (aka Asset Manager-Indexed - Qualys-Subscribed table on Asset Manager)

    IPs Unmanaged by Asset Manager
      IPs managed by Qualys yet not indexed by Asset Manager
      (aka Qualys-Scanned/Managed table on Asset Manager - Asset Manager-Indexed)

    Qualys and Asset Manager Managed IPs
      IPs both indexed by Asset Manager and in Qualys managed list
      (aka Intersection of Asset Manager-Indexed and Qualys-Scanned/Managed table on Asset Manager)
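
The set logic described above, for both Auto-Subscribe settings and the three dashboard widgets, written out as an added Python illustration. This is not Asset Manager or Qualys code: the function name, the result keys and the sample addresses are hypothetical, and the widgets are assumed to be computed from the lists as retrieved at the start of the interval.

```python
from ipaddress import ip_address


def _ips(values):
    return {ip_address(v) for v in values}


def _out(ips):
    return [str(ip) for ip in sorted(ips, key=lambda ip: (ip.version, int(ip)))]


def reconcile(indexed, subscribed, scanned, auto_subscribe):
    """Model one polling interval (hypothetical helper, not product code)."""
    indexed, subscribed, scanned = _ips(indexed), _ips(subscribed), _ips(scanned)
    # The page states scanned/managed (yellow) is always a subset of subscribed (red).
    if not scanned <= subscribed:
        raise ValueError(f"scanned but not subscribed: {_out(scanned - subscribed)}")

    if auto_subscribe:
        # Indexed hosts missing from the subscribed list are added to it,
        # then every subscribed-but-unmanaged host goes to the asset group.
        added = indexed - subscribed
        discovered = (subscribed | added) - scanned
    else:
        # Only hosts both indexed and subscribed, yet unmanaged, go to the group.
        added = set()
        discovered = (indexed & subscribed) - scanned

    return {
        "added_to_subscribed": _out(added),
        "discovered_group": _out(discovered),
        # Dashboard widgets, computed from the lists as retrieved (assumption).
        "unmanaged_by_qualys": _out(indexed - subscribed),
        "unmanaged_by_asset_manager": _out(scanned - indexed),
        "managed_by_both": _out(indexed & scanned),
    }


# Constructed sample data (RFC 5737 documentation addresses).
INDEXED = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]
SUBSCRIBED = ["192.0.2.11", "192.0.2.12", "192.0.2.13", "192.0.2.20", "192.0.2.21"]
SCANNED = ["192.0.2.12", "192.0.2.20"]

if __name__ == "__main__":
    for mode in (True, False):
        print("auto_subscribe =", mode)
        for key, value in reconcile(INDEXED, SUBSCRIBED, SCANNED, mode).items():
            print(f"  {key}: {value}")
```

With Auto-Subscribe enabled, the asset group also receives hosts that Qualys subscribes but Asset Manager never indexed (192.0.2.21 in the sample); with it cleared, only hosts known to both sides are pushed.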