
Qualys Cybersecurity Asset Management
Asset Management- Overview
- Setup
- Data & mappings
- Operations & API
- Changelog
The Qualys CyberSecurity Asset Management (CSAM/GAV) connector integrates with the Qualys Global AssetView / CyberSecurity Asset Management platform to synchronize asset inventory data into the Brinqa platform. It uses the Qualys Asset Management REST API v2 (/rest/2.0/search/am/asset) to retrieve host assets along with their installed software.
The connector synchronizes the following categories of data:
- Hosts — Asset inventory records (on-premise and cloud hosts), including hardware, operating system, network, cloud provider, and WHOIS metadata
- Packages — Distinct software and operating-system packages discovered across assets
- Installed Packages — Software installations linking a package to the host it is installed on
Data retrieved from Qualys CyberSecurity Asset Management
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Host | Yes | Host |
| Package | Yes | Package |
| Installed Package | Yes | Installed Package |
Model relationships
For detailed steps on how to view the data retrieved from Qualys CyberSecurity Asset Management in the Brinqa Platform, see How to view your data.
Connection settings
When setting up a data integration, select Qualys CyberSecurity Asset Management from the Connector dropdown and provide the following:
| Setting | Required | Default | Description |
|---|---|---|---|
| API URL | Yes | https://gateway.qg1.apps.qualys.com/ | Qualys platform API server url |
| Username | Yes | — | Qualys user login |
| Password | Yes | — | Qualys user password |
| Page size | No | 300 | Maximum number of records to get per API request |
| Parallel requests | No | Number of processors (max 2) | Maximum number of parallel API requests |
| Maximum retries | No | 5 | The maximum number of retry attempts before giving up a request |
Authentication
The connector authenticates using Username/Password credentials. A JWT bearer token is obtained from the Qualys gateway /auth endpoint and used for all subsequent API requests. Tokens are cached and refreshed on expiry (default lifetime 4 hours).
Endpoint
| Method | URL |
|---|---|
POST | {baseUrl}/auth |
Request Body
The credentials are sent as form-encoded parameters:
username=<username>&password=<password>&token=true
Usage
Once authenticated, all subsequent API requests include the token as a standard header:
Authorization: Bearer <jwt-token>
How to obtain Qualys CyberSecurity Asset Management credentials
Create a Qualys user
To ensure the user account that the Qualys CSAM connector uses to access the Qualys server has the appropriate permissions, follow these steps.
-
Log in to your organization's Qualys server.
-
Click the the dropdown at the top of the page and under Utilities, select Administration.
-
Navigate to Users, and then click the User Management tab.
-
Click the Create User dropdown and select Create Reader User.

-
Fill out the general information for the new user.
-
Click User Role on the left menu.
From the User Role dropdown, select Reader.
- Select GUI and API to enable API access, and leave Business Unit Unassigned.
Note: GUI access allows the user to log in to the Qualys GUI (graphical user interface). After you create the new Qualys user, log in to the Qualys GUI using the new credentials. The system prompts the user to reset their password. The Qualys connector will not function until you complete the password reset.

-
Click Asset Groups on the left menu.
- From the Add asset groups dropdown, select Add All or only the asset groups the Qualys user needs access to.
-
Click Permissions on the left menu and select all of the available permissions.
-
Click Options to modify the notification options as needed.
-
Click Save.
The new Qualys user with appropriate permissions to retrieve data displays on the Qualys Users page.
If you do not wish to create a new Qualys user, you can leverage an existing user with the appropriate permissions.
Note: If you do not have permissions to create a new Qualys user, contact your Qualys administrator. For additional information, see Qualys documentation.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes:
Host
| Source Field Name | SDM Attribute |
|---|---|
asset.activity.lastScannedDate | LAST_SCANNED |
asset.agentId | AGENT_ID |
asset.asn | ASN |
asset.assetId | UID |
asset.assetType | ASSET_TYPE |
asset.assetUUID | ASSET_UUID |
asset.biosAssetTag | BIOS_ASSET_TAG |
asset.biosDescription | BIOS_DESCRIPTION |
asset.biosSerialNumber | BIOS_SERIAL_NUMBER |
asset.cpuCount | CPU_COUNT |
asset.createdDate, asset.inventory.created | FIRST_SEEN |
asset.createdDate, asset.inventory.created | SOURCE_CREATED_DATE |
asset.dnsName, cloud public/private DNS | DNS_NAMES |
asset.domain | DOMAIN |
asset.hardware.taxonomy.category1 | HW_CATEGORY |
asset.hardware.taxonomy.category2 | HW_TYPE |
asset.hostId | HOST_ID |
asset.hwSerialNumber | HW_SERIAL_NUMBER |
asset.hwUUID | HW_UUID |
asset.inventory.lastUpdated | LAST_SEEN |
asset.inventory.lastUpdated | SOURCE_LAST_MODIFIED |
asset.isContainerHost | IS_CONTAINER_HOST |
asset.isHypervisor | IS_HYPERVISOR |
asset.isp | ISP |
asset.isVirtualMachine | IS_VM |
asset.lastBoot | LAST_STARTED |
asset.lastBoot | LAST_BOOT |
asset.lastLoggedOnUser | LAST_LOGGED_ON_USER |
asset.mostFrequentUser | MOST_FREQUENT_USER |
asset.netbiosName | NETBIOS_NAME |
asset.operatingSystem.fullName / osName | OPERATING_SYSTEM |
asset.operatingSystem.lifecycle.eolDate | OS_EOL_DATE |
asset.operatingSystem.lifecycle.eosDate | OS_EOS_DATE |
asset.operatingSystem.lifecycle.gaDate | OS_GA_DATE |
asset.operatingSystem.lifecycle.stage | OS_LIFECYCLE_STAGE |
asset.operatingSystem.taxonomy.category1 | OS_CATEGORY |
asset.operatingSystem.taxonomy.category2 | OS_TYPE |
asset.organizationName | ORGANIZATION_NAME |
asset.sensorLastUpdatedDate | SENSOR_LAST_UPDATED |
asset.subdomain | SUBDOMAIN |
asset.tagList.tag[].tagName | TAGS |
asset.timeZone | TIMEZONE |
asset.totalMemory | TOTAL_MEMORY |
asset.whois[].createdDate | WHOIS_CREATION_DATE |
asset.whois[].registrantEmail | WHOIS_REGISTRANT_EMAIL |
asset.whois[].registrantOrganization | WHOIS_REGISTRANT_ORGANIZATION |
asset.whois[].registrar | WHOIS_REGISTRAR |
ASSET_CATEGORY_HOST (+ virtual machine / cloud resource, + hardware taxonomy) | CATEGORIES |
| cloud + NIC IPv4 addresses | IP_ADDRESSES |
| cloud + NIC MAC addresses | MAC_ADDRESSES |
cloud hostname / asset.dnsName / asset.netbiosName / asset.assetName / asset.assetUUID / asset.assetId | NAME |
cloud hostname, asset.networkInterfaceListData.networkInterface.hostname, derived hostname | HOSTNAMES |
cloud instance state (normalized, default active) | STATUS |
| cloud private IP, private NIC IPv4 | PRIVATE_IP_ADDRESSES |
| cloud public IP, public NIC IPv4 | PUBLIC_IP_ADDRESSES |
ec2.instanceId / azure.vm.vmId / gcp.compute.instanceId / oci.compute.ociId | INSTANCE_ID |
ec2.privateDNS, private asset.dnsName | PRIVATE_DNS_NAMES |
ec2.publicDNS, public asset.dnsName | PUBLIC_DNS_NAMES |
| operating system, else host name | DESCRIPTION |
Package
| Source Field Name | SDM Attribute |
|---|---|
generated CPE 2.2 URI (fallback software.uid) | UID |
software.architecture | ARCHITECTURE |
software.category | CATEGORY |
software.category1 | CATEGORY1 |
software.category2 | CATEGORY2 |
software.component | COMPONENT |
software.edition | EDITION |
software.formerlyKnownAs | FORMERLY_KNOWN_AS |
software.fullName / software.osName | NAME |
software.ignoredReason | IGNORED_REASON |
software.isIgnored | IS_IGNORED |
software.isPackage | IS_PACKAGE |
software.isPackageComponent | IS_PACKAGE_COMPONENT |
software.language | LANGUAGE |
software.lastUpdated | SOURCE_LAST_MODIFIED |
software.lastUseDate | LAST_USED |
software.license.category | LICENSE |
software.lifecycle.eolDate | EOL_DATE |
software.lifecycle.eolSupportStage | EOL_SUPPORT_STAGE |
software.lifecycle.eosDate | EOS_DATE |
software.lifecycle.eosSupportStage | EOS_SUPPORT_STAGE |
software.lifecycle.gaDate | GA_DATE |
software.lifecycle.introDate | INTRODUCED_DATE |
software.lifecycle.lifeCycleConfidence | LIFECYCLE_CONFIDENCE |
software.lifecycle.obsoleteDate | OBSOLETE_DATE |
software.lifecycle.stage | LIFECYCLE_STAGE |
software.marketVersion | MARKET_VERSION |
software.packageName | PACKAGE_NAME |
software.productFamily | PRODUCT_FAMILY |
software.productName | PRODUCT_NAME |
software.productName / category2 / category1 / softwareType / osName | DESCRIPTION |
software.productUrl | PRODUCT_URL |
software.publisher | PUBLISHER |
software.softwareType | TYPE |
software.supportStageDesc | SUPPORT_STAGE |
software.update | UPDATE |
software.version | REVISION |
Note: Software records flagged isIgnored=true are excluded from the sync.
Installed Package
| Source Field Name | SDM Attribute |
|---|---|
asset.assetId | TARGETS |
asset.assetId + _ + generated software UID | UID |
generated software UID (CPE 2.2 URI) | TYPE |
software.installDate | INSTALL_DATE |
software.installPath | INSTALL_PATH |
software.lastUseDate | LAST_USED |
Operations & API
Expand each connector object to see its operation options, delta-sync behavior, and the API it uses. See connector operation options for how to apply operation options (keys and values are case-sensitive).
Host
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
POST {baseUrl}/rest/2.0/search/am/asset - Default filters:
excludeFields=openPort,userAccount,volume,service
Package
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
POST {baseUrl}/rest/2.0/search/am/asset
Installed Package
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
POST {baseUrl}/rest/2.0/search/am/asset
Changelog
The Qualys CyberSecurity Asset Management connector has undergone the following changes:
| Version | Description | Migration Steps |
|---|---|---|
| 5.3.41 | No changes in this release. | N/A |
| 5.3.40 | No changes in this release. | N/A |
| 5.3.39 | Bug Fixes - Corrected the Software model lifecycle date attributes ("GA date", "EOL date", "EOS date", "Obsolete date") to be stored as proper timestamps (were stored as numbers). - Fixed the "GA date" attribute, which was incorrectly registered under the "Introduced date" attribute name and therefore collided with the actual "Introduced date" value. "GA date" now has its own distinct attribute. | • Software: the lifecycle date attributes changed type, and "GA date" is now a distinct attribute. Re-sync the Qualys_AM connector to repopulate these records. |
| 5.3.38 | No changes in this release. | N/A |
| 5.3.37 | No changes in this release. | N/A |
| 5.3.36 | Improvements Coding Standards Modernization - Bumped http-connectors-parent from 2.1.7 to 2.1.12 and connectors-model from 1.5.10 to 1.6.19 to align with the current connector framework baseline. - Replaced all new AttributeInfoBuilder(...) usages with AttributeInfos.newAttribute(...) across all model classes. This ensures custom attributes are registered with the correct consolidation priority, so they participate properly in attribute consolidation and value precedence. - Removed local addAttribute helper methods in favor of AttributeUtils.addAttribute from connectors-model, which prevents null values from silently reaching the attribute builder and adds type validation. - Migrated storage initialization from the deprecated LocalFactory / LocalConfig to StorageManager from connectors-model. - Removed the connector-local InstantDeserializer / InstantUtils in favor of OptionalInstantDeserializer from connectors-model, which supports a broader set of input formats. - Applied Spotless code formatting to the full codebase. | N/A |
| 5.3.35 | No changes in this release. | N/A |
| 5.3.34 | No changes in this release. | N/A |
| 5.3.33 | No changes in this release. | N/A |
| 5.3.32 | No changes in this release. | N/A |
| 5.3.31 | No changes in this release. | N/A |
| 5.3.30 | No changes in this release. | N/A |
| 5.3.29 | No changes in this release. | N/A |
| 5.3.28 | No changes in this release. | N/A |
| 5.3.27 | No changes in this release. | N/A |
| 5.3.26 | No changes in this release. | N/A |
| 5.3.25 | No changes in this release. | N/A |
| 5.3.24 | No changes in this release. | N/A |
| 5.3.23 | No changes in this release. | N/A |
| 5.3.22 | No changes in this release. | N/A |
| 5.3.21 | No changes in this release. | N/A |
| 5.3.20 | No changes in this release. | N/A |
| 5.3.19 | No changes in this release. | N/A |
| 5.3.18 | No changes in this release. | N/A |
| 5.3.17 | No changes in this release. | N/A |
| 5.3.16 | No changes in this release. | N/A |
| 5.3.15 | New Features - Added network and ownership attributes to the Host model: Organization name, ASN, ISP, Domain, and Subdomain. - Added WHOIS details to the Host model: WHOIS creation date, registrant organization, registrant email, and registrar. - Added operating system lifecycle attributes to the Host model: OS lifecycle stage, OS GA date, OS EOL date, and OS EOS date. | N/A |
| 5.3.14 | No changes in this release. | N/A |
| 5.3.13 | No changes in this release. | N/A |
| 5.3.12 | No changes in this release. | N/A |
| 5.3.11 | No changes in this release. | N/A |
| 5.3.10 | Improvements - Consolidated the Host hostname and DNS/IP attributes into multi-valued attributes so all values reported by Qualys are retained instead of only the first. The single-valued "Hostname", "Private DNS name", "Public DNS name", and "Public IP address" attributes were replaced by their multi-valued equivalents, and the asset identifier set was updated accordingly. | • Host: hostname and DNS/IP attributes were re-keyed to multi-valued attributes and the identifier set changed. Re-sync the Qualys_AM connector to repopulate these records. |
| 5.3.9 | No changes in this release. | N/A |
| 5.3.8 | No changes in this release. | N/A |
| 5.3.7 | No changes in this release. | N/A |
| 5.3.6 | Improvements - Renamed the connector's models to align with Brinqa's standard data model naming: "Asset" is now "Host", "Software" is now "Package", and "Software Installation" is now "Installed package". | • Host (was "Asset"), Package (was "Software"), and Installed package (was "Software Installation"): the model names changed. Re-sync the Qualys_AM connector so records are recreated under the new model names. |
| 5.3.5 | No changes in this release. | N/A |
| 5.3.4 | No changes in this release. | N/A |
| 5.3.3 | No changes in this release. | N/A |
| 5.3.2 | No changes in this release. | N/A |
| 5.3.1 | No changes in this release. | N/A |
| 5.3.0 | No changes in this release. | N/A |
| 5.2.4 | No changes in this release. | N/A |
| 5.2.3 | No changes in this release. | N/A |
| 5.2.2 | No changes in this release. | N/A |
| 5.2.1 | No changes in this release. | N/A |
| 5.2.0 | No changes in this release. | N/A |
| 5.1.13 | No changes in this release. | N/A |
| 5.1.12 | No changes in this release. | N/A |
| 5.1.11 | No changes in this release. | N/A |
| 5.1.10 | No changes in this release. | N/A |
| 5.1.9 | No changes in this release. | N/A |
| 5.1.8 | No changes in this release. | N/A |
| 5.1.7 | No changes in this release. | N/A |
| 5.1.6 | No changes in this release. | N/A |
| 5.1.5 | No changes in this release. | N/A |
| 5.1.4 | No changes in this release. | N/A |
| 5.1.3 | No changes in this release. | N/A |
| 5.1.2 | New Features - Added sync filtering options so a sync can be scoped to specific asset tags, operating system categories, and software categories. | N/A |
| 5.1.1 | Bug Fixes - Changed how Installed package records are keyed so each installation is tied to its package using a stable CPE-based identifier, improving correlation between hosts and the software installed on them. | • Installed package: the identifier used for installed software records changed. Re-sync the Qualys_AM connector to repopulate these records. |
| 5.1.0 | Overview The Qualys CyberSecurity Asset Management connector integrates with Qualys CSAM/GAV to synchronize host assets along with their installed software inventory. Category: Asset Management Models | N/A |