Qualys Cybersecurity Asset Management
Qualys Cybersecurity Asset Management (CSAM) is an asset management tool that provides visibility into your assets. You can bring asset and software information from Qualys CSAM into Brinqa to establish a comprehensive asset inventory, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Qualys CSAM and how to obtain that information from Qualys. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select CyberSecurity Asset Management from the Connector drop-down. You must provide the following information to authenticate Qualys CSAM with Brinqa:
-
API URL: The Qualys API Server URL. For information on how to determine your Qualys API URL, see Qualys documentation.
-
Username and Password: The username and password associated with the Qualys user, which must have permissions to log in to the API server and return data.
Create a Qualys user
To ensure the user account that the Qualys CSAM connector uses to access the Qualys server has the appropriate permissions, follow these steps.
-
Log in to your organization's Qualys server.
-
Click the the drop-down at the top of the page and under Utilities, select Administration.
-
Navigate to Users, and then click the User Management tab.
-
Click the Create User drop-down and select Create Reader User.
-
Fill out the general information for the new user.
-
Click User Role on the left menu.
From the User Role drop-down, select Reader.
-
Select GUI and API to enable API access, and leave Business Unit Unassigned.
-
-
Click Asset Groups on the left menu.
- From the Add asset groups drop-down, select Add All or only the asset groups the Qualys user needs access to.
-
Click Permissions on the left menu and select all of the available permissions.
-
Click Options to modify the notification options as needed.
-
Click Save.
The new Qualys user with appropriate permissions to retrieve data displays on the Qualys Users page.
If you do not wish to create a new Qualys user, you can leverage an existing user with the appropriate permissions.
If you do not have permissions to create a new Qualys user, contact your Qualys administrator. For additional information, see Qualys documentation.
Additional Settings
The Qualys CSAM connector contains additional options for specific configuration:
-
Page size: The maximum number of records to get per API request. The default setting is 300. It is not recommended to go over 300.
-
Parallel requests: The maximum number of parallel API requests. The default setting is 2.
-
Maximum retries: The maximum number of times that the integration attempts to connect to the Qualys CSAM API before giving up and reporting a failure. The default setting is 5.
Types of Data to Retrieve
The Qualys CSAM connector can retrieve the following types of data from Qualys:
Table 1: Data retrieved from Qualys CSAM
Connector Object | Required | Maps to Data Model |
---|---|---|
Asset | Yes | Host |
Installed Software | Yes | Installed Package |
Software | Yes | Package |
For detailed steps on how to view the data retrieved from Qualys CSAM in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Asset
Table 2: Asset attribute mappings
Source Field Name | Maps to Attribute |
---|---|
asset.assetId | uid |
asset.activity.lastScannedDate | lastScanned |
asset.agentId | Local variable |
asset.assetType | Local variable |
asset.assetUUID | Local variable |
asset.biosAssetTag | Local variable |
asset.biosDescription | Local variable |
asset.biosSerialNumber | Local variable |
asset.cpuCount | Local variable |
asset.createdDate, asset.inventory.created | firstSeen, sourceCreatedDate |
asset.hardware.taxonomy.category1 | Local variable |
asset.hardware.taxonomy.category2 | Local variable |
asset.hostId | Local variable |
asset.hwSerialNumber | Local variable |
asset.hwUUID | Local variable |
asset.inventory.lastUpdated | lastSeen, sourceLastModified |
asset.isContainerHost | Local variable |
asset.isHypervisor | Local variable |
asset.isVirtualMachine | Local variable |
asset.lastBoot | lastStarted |
asset.lastLoggedOnUser | Local variable |
asset.mostFrequentUser | Local variable |
asset.netbiosName | Local variable |
asset.operatingSystem.taxonomy.category1 | Local variable |
asset.operatingSystem.taxonomy.category2 | Local variable |
asset.sensorLastUpdatedDate | Local variable |
asset.tagList.tags.tag.tagName | tags |
asset.timeZone | Local variable |
asset.totalMemory | Local variable |
categories/asset category | categories |
dnsNames | dnsNames |
getDescription | description |
getHostname | hostname |
getName | name |
getOperatingSystem | operatingSystem |
hostnames | hostnames |
instanceId | instanceId |
ipAddresses | ipAddresses |
macAddresses | macAddresses |
privateDnsName | privateDnsName |
privateDnsNames | privateDnsNames |
privateIpAddresses | privateIpAddresses |
publicDnsName | publicDnsName |
publicDnsNames | publicDnsNames |
publicIpAddress | publicIpAddress |
publicIpAddresses | publicIpAddresses |
status | status |
Installed Software
Table 3: Installed Software attribute mappings
Source Field Name | Maps to Attribute |
---|---|
asset.assetId | targets |
generateSoftwareUid | type |
software.installDate | installDate |
software.installPath | installPath |
software.lastUseDate | Local variable |
uid | uid |
Software
Table 4: Software attribute mappings
Source Field Name | Maps to Attribute |
---|---|
generateSoftwareUid | uid |
getName | name |
getDescription | description |
software.version | revision |
software.publisher | publisher |
software.installDate | sourceCreatedDate |
software.lastUpdated | sourceLastModified |
software.architecture | Local variable |
software.category | Local variable |
software.category1 | Local variable |
software.category2 | Local variable |
software.component | Local variable |
software.edition | Local variable |
software.lifecycle.eolDate | Local variable |
software.lifecycle.eolSupportStage | Local variable |
software.lifecycle.eosDate | Local variable |
software.lifecycle.eosSupportStage | Local variable |
software.formerlyKnownAs | Local variable |
software.lifecycle.gaDate | Local variable |
software.ignoredReason | Local variable |
software.lifecycle.introDate | Local variable |
software.isIgnored | Local variable |
software.isPackage | Local variable |
software.isPackageComponent | Local variable |
software.language | Local variable |
software.license.category | Local variable |
software.lifecycle.lifeCycleConfidence | Local variable |
software.lifecycle.stage | Local variable |
software.marketVersion | Local variable |
software.lifecycle.obsoleteDate | Local variable |
software.packageName | Local variable |
software.productFamily | Local variable |
software.productName | Local variable |
software.productUrl | Local variable |
software.supportStageDesc | Local variable |
software.softwareType | Local variable |
software.update | Local variable |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
Operation options
The Qualys CSAM connector supports the following operation options. See connector operation options for information about how to apply them.
Table 5: Qualys CSAM operation options
Connector Object | Option | All Possible Values | Description | Example |
---|---|---|---|---|
Asset | Level 2 operating system category | Any level 2 operating system category | A comma-separated list of level 2 operating system categories. Limit assets retrieved by the specified operating system category. For additional information, see Qualys CSAM documentation. | Key: operatingSystem.category2 Value: Windows Server ,Linux Server . This key and value combination only retrieves assets with the specified operating system categories. |
tags | Any Qualys asset tag | A comma-separated list of asset tags. Limit assets retrieved by the specified tags. For additional information, see Qualys CSAM documentation | Key: tags Value: Internet Facing Assets ,Production . This key and value combination only retrieves assets with the specified tags. |
The option keys and values are case-sensitive as they are shown in this documentation
APIs
The Qualys CSAM connector uses Qualys CyberSecurity Asset Management REST API v2. Specifically, it uses the following endpoints:
Table 6: Qualys CSAM API Endpoints
Connector Object | API Endpoint |
---|---|
Asset | GET /rest/2.0/search/am/asset |
Installed Software | GET /rest/2.0/search/am/asset |
Software | GET /rest/2.0/search/am/asset |
Changelog
The Qualys CSAM connector has undergone the following changes:
5.3.8
- No change.
5.3.7
- No change.
5.3.6
- No change.
5.3.4
- No change.
5.0.0
- Initial Integration+ release.