Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

Qualys Vulnerability Scanner

What is Discovered and Monitored

Protocol

Metrics collected

Used for

Qualys API

Scan name, Scanned Host Name, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulerability CVE Id and Bugtraq Id, Vulnerability Consequence

Security Monitoring

Event Types

In ADMIN > Device Support > Event Types, search for "qualys" to see the event types associated with this device. 

Rules

There are no predefined rules for this device. 

Reports

In RESOURCES > Reports, search for "qualys" in the main content panel Search... field to see the reports associated with this device. 

Configuration

Qualys API

Create a user name and password that FortiSIEM can use as access credentials for the API. 

You can configure FortiSIEM to communicate with your device, and then initiate discovery of the device. . For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Settings for Access Credentials

Use Host Name for IP Range in Access Credentials

Enter the host name for your Qualys service rather than an IP address when associating your access credentials to an IP range.

Settings for Qualys Vulnerability Scanner API Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

Setting Value
Name qualys
Device Type Qualys QualysGuard Scanner
Access Protocol Qualys API
Pull Interval (minutes) 5
Port 443
User Name A user who has access to the vulnerability scanner over the API
Password The password associated with the user

Qualys Vulnerability Scanner

What is Discovered and Monitored

Protocol

Metrics collected

Used for

Qualys API

Scan name, Scanned Host Name, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulerability CVE Id and Bugtraq Id, Vulnerability Consequence

Security Monitoring

Event Types

In ADMIN > Device Support > Event Types, search for "qualys" to see the event types associated with this device. 

Rules

There are no predefined rules for this device. 

Reports

In RESOURCES > Reports, search for "qualys" in the main content panel Search... field to see the reports associated with this device. 

Configuration

Qualys API

Create a user name and password that FortiSIEM can use as access credentials for the API. 

You can configure FortiSIEM to communicate with your device, and then initiate discovery of the device. . For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Settings for Access Credentials

Use Host Name for IP Range in Access Credentials

Enter the host name for your Qualys service rather than an IP address when associating your access credentials to an IP range.

Settings for Qualys Vulnerability Scanner API Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

Setting Value
Name qualys
Device Type Qualys QualysGuard Scanner
Access Protocol Qualys API
Pull Interval (minutes) 5
Port 443
User Name A user who has access to the vulnerability scanner over the API
Password The password associated with the user