Qualys CyberSecurity Asset Management
Qualys CyberSecurity Asset Management (CSAM) is an asset management tool that provides visibility into your assets. You can bring asset and software information from Qualys CSAM into Brinqa to establish a comprehensive asset inventory, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Qualys CSAM and how to obtain that information from Qualys. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Qualys CyberSecurity Asset Management from the Connector drop-down. You must provide the following information to authenticate Qualys CSAM with Brinqa:
-
API URL: The Qualys API Server URL. For information on how to determine your Qualys API URL, see Qualys documentation.
-
Username and Password: The username and password associated with the Qualys user, which must have permissions to log in to the API server and return data.
Create a Qualys user
To ensure the user account that the Qualys CSAM connector uses to access the Qualys server has the appropriate permissions, follow these steps.
-
Log in to your organization's Qualys server.
-
Click the the drop-down at the top of the page and under Utilities, select Administration.
-
Navigate to Users, and then click the User Management tab.
-
Click the Create User drop-down and select Create Reader User.
-
Fill out the general information for the new user.
-
Click User Role on the left menu.
From the User Role drop-down, select Reader.
-
Select GUI and API to enable API access, and leave Business Unit Unassigned.
noteGUI access allows the user to log in to the Qualys GUI (graphical user interface). After you create the new Qualys user, log in to the Qualys GUI using the new credentials. The system prompts the user to reset their password. The Qualys connector will not function until you complete the password reset.
-
-
Click Asset Groups on the left menu.
- From the Add asset groups drop-down, select Add All or only the asset groups the Qualys user needs access to.
-
Click Permissions on the left menu and select all of the available permissions.
-
Click Options to modify the notification options as needed.
-
Click Save.
The new Qualys user with appropriate permissions to retrieve data displays on the Qualys Users page.
If you do not wish to create a new Qualys user, you can leverage an existing user with the appropriate permissions.
If you do not have permissions to create a new Qualys user, contact your Qualys administrator. For additional information, see Qualys documentation.
Additional Settings
The Qualys CSAM connector contains additional options for specific configuration:
-
Page size: The maximum number of records to get per API request. The default setting is 300. It is not recommended to go over 300.
-
Parallel requests: The maximum number of parallel API requests. The default setting is 2.
-
Maximum retries: The maximum number of times that the integration attempts to connect to the Qualys CSAM API before giving up and reporting a failure. The default setting is 5.
Types of Data to Retrieve
The Qualys CSAM connector can retrieve the following types of data from Qualys:
Table 1: Data retrieved from Qualys CSAM
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Asset | Yes | Host |
| Installed Software | Yes | Installed Package |
| Software | Yes | Package |
For detailed steps on how to view the data retrieved from Qualys CSAM in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Asset
Table 2: Asset attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| asset.agentId | Local variable |
| asset.activity.lastScannedDate | lastScanned |
| asset.assetId | uid |
| asset.assetType | Local variable |
| asset.assetUUID | Local variable |
| asset.asn | Local variable |
| asset.biosAssetTag | Local variable |
| asset.biosDescription | Local variable |
| asset.biosSerialNumber | Local variable |
| asset.cpuCount | Local variable |
| asset.createdDate | firstSeen |
| asset.domain | Local variable |
| asset.hardware.taxonomy.category1 | Local variable |
| asset.hardware.taxonomy.category2 | Local variable |
| asset.hostId | Local variable |
| asset.hwSerialNumber | Local variable |
| asset.hwUUID | Local variable |
| asset.inventory.created | sourceCreatedDate |
| asset.inventory.lastUpdated | lastSeen |
| asset.isContainerHost | Local variable |
| asset.isHypervisor | Local variable |
| asset.isVirtualMachine | Local variable |
| asset.lastBoot | lastStarted |
| asset.lastLoggedOnUser | Local variable |
| asset.mostFrequentUser | Local variable |
| asset.netbiosName | Local variable |
| asset.operatingSystem.lifecycle.eolDate | Local variable |
| asset.operatingSystem.lifecycle.eosDate | Local variable |
| asset.operatingSystem.lifecycle.gaDate | Local variable |
| asset.operatingSystem.lifecycle.stage | Local variable |
| asset.operatingSystem.taxonomy.category1 | Local variable |
| asset.operatingSystem.taxonomy.category2 | Local variable |
| asset.organizationName | Local variable |
| asset.sensorLastUpdatedDate | Local variable |
| asset.subdomain | Local variable |
| asset.tagList.tags.tag.tagName | tags |
| asset.timeZone | Local variable |
| asset.totalMemory | Local variable |
| asset.whois.createdDate | Local variable |
| asset.whois.registrantEmail | Local variable |
| asset.whois.registrantOrganization | Local variable |
| asset.whois.registrar | Local variable |
| categories/asset category | categories |
| dnsNames | dnsNames |
| getDescription | description |
| getHostname | hostname |
| getName | name |
| getOperatingSystem | operatingSystem |
| hostnames | hostnames |
| instanceId | instanceId |
| ipAddresses | ipAddresses |
| macAddresses | macAddresses |
| privateDnsName | privateDnsName |
| privateDnsNames | privateDnsNames |
| privateIpAddresses | privateIpAddresses |
| publicDnsName | publicDnsName |
| publicDnsNames | publicDnsNames |
| publicIpAddress | publicIpAddress |
| publicIpAddresses | publicIpAddresses |
| status | status |
Installed Software
Table 3: Installed Software attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| asset.assetId | targets |
| generateSoftwareUid | type |
| software.installDate | installDate |
| software.installPath | installPath |
| software.lastUseDate | Local variable |
| uid | uid |
Software
Table 4: Software attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| generateSoftwareUid | uid |
| getName | name |
| getDescription | description |
| software.version | revision |
| software.publisher | publisher |
| software.installDate | sourceCreatedDate |
| software.lastUpdated | sourceLastModified |
| software.architecture | Local variable |
| software.category | Local variable |
| software.category1 | Local variable |
| software.category2 | Local variable |
| software.component | Local variable |
| software.edition | Local variable |
| software.lifecycle.eolDate | Local variable |
| software.lifecycle.eolSupportStage | Local variable |
| software.lifecycle.eosDate | Local variable |
| software.lifecycle.eosSupportStage | Local variable |
| software.formerlyKnownAs | Local variable |
| software.lifecycle.gaDate | Local variable |
| software.ignoredReason | Local variable |
| software.lifecycle.introDate | Local variable |
| software.isIgnored | Local variable |
| software.isPackage | Local variable |
| software.isPackageComponent | Local variable |
| software.language | Local variable |
| software.license.category | Local variable |
| software.lifecycle.lifeCycleConfidence | Local variable |
| software.lifecycle.stage | Local variable |
| software.marketVersion | Local variable |
| software.lifecycle.obsoleteDate | Local variable |
| software.packageName | Local variable |
| software.productFamily | Local variable |
| software.productName | Local variable |
| software.productUrl | Local variable |
| software.supportStageDesc | Local variable |
| software.softwareType | Local variable |
| software.update | Local variable |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
Operation options
The Qualys CSAM connector supports the following operation options. See connector operation options for information about how to apply them.
Table 5: Qualys CSAM operation options
| Connector Object | Option | All Possible Values | Description | Example |
|---|---|---|---|---|
| Asset | Level 2 operating system category | Any level 2 operating system category | A comma-separated list of level 2 operating system categories. Limit assets retrieved by the specified operating system category. For additional information, see Qualys CSAM documentation. | Key: operatingSystem.category2 Value: Windows Server,Linux Server. This key and value combination only retrieves assets with the specified operating system categories. |
| tags | Any Qualys asset tag | A comma-separated list of asset tags. Limit assets retrieved by the specified tags. For additional information, see Qualys CSAM documentation | Key: tags Value: Internet Facing Assets,Production. This key and value combination only retrieves assets with the specified tags. |
The option keys and values are case-sensitive as they are shown in this documentation
APIs
The Qualys CSAM connector uses Qualys CyberSecurity Asset Management REST API v2. Specifically, it uses the following endpoints:
Table 6: Qualys CSAM API Endpoints
| Connector Object | API Endpoint |
|---|---|
| Asset | GET /rest/2.0/search/am/asset |
| Installed Software | GET /rest/2.0/search/am/asset |
| Software | GET /rest/2.0/search/am/asset |
Changelog
The Qualys CSAM connector has undergone the following changes:
Table 7: Qualys CSAM connector changelog
This connector is part of a bundled release with other connectors from the same vendor. If a version shows "No change", it means that the connector version was updated for consistency as part of the bundle, but no functional changes were made to this specific connector. You can update to or skip this version without affecting your existing configuration.
| Version | Description | Date Published |
|---|---|---|
| 5.3.23 | No change. | August 15th, 2025 |
| 5.3.22 | The CyberSecurity Asset Management connector has renamed to "Qualys CyberSecurity Asset Management". This change only affects the connector label and does not impact functionality. You can update without making any changes to your existing configurations. | August 5th, 2025 |
| 5.3.21 | No change. | August 5th, 2025 |
| 5.3.20 | No change. | July 11th, 2025 |
| 5.3.19 | No change. | July 2nd, 2025 |
| 5.3.18 | No change. | June 30th, 2025 |
| 5.3.17 | No change. | May 7th, 2025 |
| 5.3.16 | No change. | April 23rd, 2025 |
| 5.3.15 | - Added the following attributes to the Asset object:
| April 8th, 2025 |
| 5.3.14 | No change. | March 26th, 2025 |
| 5.3.13 | No change. | March 12th, 2025 |
| 5.3.12 | No change. | March 3rd, 2025 |
| 5.3.11 | No change. | February 28th, 2025 |
| 5.3.10 | No change. | January 29th, 2025 |
| 5.3.9 | No change. | December 30th, 2024 |
| 5.3.8 | No change. | November 14th, 2024 |
| 5.3.7 | No change. | November 12th, 2024 |
| 5.3.6 | No change. | November 7th, 2024 |
| 5.3.5 | No change. | October 21st, 2024 |
| 5.3.4 | No change. | September 23rd, 2024 |
| 5.3.3 | No change. | September 20th, 2024 |
| 5.3.2 | No change. | August 23rd, 2024 |
| 5.3.1 | No change. | August 15th, 2024 |
| 5.3.0 | No change. | August 12th, 2024 |
| 5.2.4 | No change. | July 26th, 2024 |
| 5.2.3 | No change. | July 2nd, 2024 |
| 5.2.2 | No change. | June 26th, 2024 |
| 5.2.1 | No change. | May 15th, 2024 |
| 5.2.0 | No change. | May 7th, 2024 |
| 5.1.13 | No change. | April 16th, 2024 |
| 5.1.12 | No change. | April 5th, 2024 |
| 5.1.11 | No change. | March 11th, 2024 |
| 5.1.10 | Updated dependencies. | March 8th, 2024 |
| 5.1.9 | No change. | February 8th, 2024 |
| 5.1.8 | No change. | January 25th, 2024 |
| 5.1.7 | No change. | September 19th, 2023 |
| 5.1.6 | No change. | September 18th, 2023 |
| 5.1.5 | No change. | September 12th, 2023 |
| 5.1.4 | No change. | September 12th, 2023 |
| 5.1.3 | No change. | August 29th, 2023 |
| 5.1.2 | No change. | July 14th, 2023 |
| 5.1.1 | No change. | July 10th, 2023 |
| 5.1.0 | No change. | July 10th, 2023 |
| 5.0.18 | Added the SEVERITY_SCORE attribute to the Vulnerability Definition object. | February 14th, 2023 |
| 5.0.17 | Code cleanup and general maintenance. | December 17th, 2022 |
| 5.0.16 | Code cleanup and general maintenance. | December 16th, 2022 |
| 5.0.15 | Code cleanup and general maintenance. | December 15th, 2022 |
| 5.0.14 | Added UID as identifier for all connector objects. | December 9th, 2022 |
| 5.0.13 | Code cleanup and general maintenance. | December 8th, 2022 |
| 5.0.12 | Code cleanup and general maintenance. | December 8th, 2022 |
| 5.0.11 | Code cleanup and general maintenance. | December 5th, 2022 |
| 5.0.10 | Code cleanup and general maintenance. | December 4th, 2022 |
| 5.0.9 | Code cleanup and general maintenance. | December 3rd, 2022 |
| 5.0.8 | Code cleanup and general maintenance. | December 3rd, 2022 |
| 5.0.7 | Code cleanup and general maintenance. | December 3rd, 2022 |
| 5.0.6 | Code cleanup and general maintenance. | December 2nd, 2022 |
| 5.0.5 | Code cleanup and general maintenance. | July 8th, 2022 |
| 5.0.4 | No change. | May 12th, 2022 |
| 5.0.3 | Code cleanup and general maintenance. | April 26th, 2022 |
| 5.0.2 | Code cleanup and general maintenance. | April 26th, 2022 |
| 5.0.1 | Code cleanup and general maintenance. | April 19th, 2022 |
| 5.0.0 | Initial Integration+ release. | April 19th, 2022 |