Fortinet black logo

External Systems Configuration Guide

Qualys Vulnerability Scanner

Qualys Vulnerability Scanner

What is Discovered and Monitored

Protocol

Metrics collected

Used for

Qualys API

Scan name, Scanned Host Name, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulerability CVE Id and Bugtraq Id, Vulnerability Consequence

Security Monitoring

Event Types

In ADMIN > Device Support > Event Types, search for "qualys" to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

In RESOURCES > Reports, search for "qualys" in the main content panel Search... field to see the reports associated with this device.

Configuration

Qualys API

Create a user name and password that FortiSIEM can use as access credentials for the API.

You can configure FortiSIEM to communicate with your device, and then initiate discovery of the device. . For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Settings for Access Credentials

Use Host Name for IP Range in Access Credentials

Enter the host name for your Qualys service rather than an IP address when associating your access credentials to an IP range.

Settings for Qualys Vulnerability Scanner API Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

SettingValue
Namequalys
Device TypeQualys QualysGuard Scanner
Access ProtocolQualys API
Pull Interval (minutes)5
Port443
User NameA user who has access to the vulnerability scanner over the API
PasswordThe password associated with the user

Qualys Vulnerability Scanner

Qualys Vulnerability Scanner

What is Discovered and Monitored

Protocol

Metrics collected

Used for

Qualys API

Scan name, Scanned Host Name, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulerability CVE Id and Bugtraq Id, Vulnerability Consequence

Security Monitoring

Event Types

In ADMIN > Device Support > Event Types, search for "qualys" to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

In RESOURCES > Reports, search for "qualys" in the main content panel Search... field to see the reports associated with this device.

Configuration

Qualys API

Create a user name and password that FortiSIEM can use as access credentials for the API.

You can configure FortiSIEM to communicate with your device, and then initiate discovery of the device. . For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Settings for Access Credentials

Use Host Name for IP Range in Access Credentials

Enter the host name for your Qualys service rather than an IP address when associating your access credentials to an IP range.

Settings for Qualys Vulnerability Scanner API Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

SettingValue
Namequalys
Device TypeQualys QualysGuard Scanner
Access ProtocolQualys API
Pull Interval (minutes)5
Port443
User NameA user who has access to the vulnerability scanner over the API
PasswordThe password associated with the user