Skip to main content

Qualys Cybersecurity Asset Management

Qualys Cybersecurity Asset Management (CSAM) is an asset management tool that provides visibility into your assets. You can bring asset and software information from Qualys CSAM into Brinqa to establish a comprehensive asset inventory, thus strengthening your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with Qualys CSAM and how to obtain that information from Qualys. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select CyberSecurity Asset Management from the Connector drop-down. You must provide the following information to authenticate Qualys CSAM with Brinqa:

  • API URL: The Qualys API Server URL. For information on how to determine your Qualys API URL, see Qualys documentation.

  • Username and Password: The username and password associated with the Qualys user, which must have permissions to log in to the API server and return data.

Create a Qualys user

To ensure the user account that the Qualys CSAM connector uses to access the Qualys server has the appropriate permissions, follow these steps.

  1. Log in to your organization's Qualys server.

  2. Click the application picker and under Utilities, select Administration.

  3. Navigate to Users, and then click the User Management tab.

  4. Click the Create User drop-down and select Create Reader User.

    Qualys CS create user navigation

  5. Fill out the general information for the new user.

  6. Click User Role on the left menu.

    From the User Role drop-down, select Reader.

    • Select GUI and API to enable API access, and leave Business Unit Unassigned.

      Qualys VM User Role settings

  7. Click Asset Groups on the left menu.

    • From the Add asset groups drop-down, select Add All or only the asset groups the Qualys user needs access to.
  8. Click Permissions on the left menu and select all of the available permissions.

  9. Click Options to modify the notification options as needed.

  10. Click Save.

The new Qualys user with appropriate permissions to retrieve data displays on the Qualys Users page.

If you do not wish to create a new Qualys user, you can leverage an existing user with the appropriate permissions.

note

If you do not have permissions to create a new Qualys user, contact your Qualys administrator. For additional information, see Qualys documentation.

Additional Settings

The Qualys CSAM connector contains additional options for specific configuration:

  • Page size: The maximum number of records to get per API request. The default setting is 300. It is not recommended to go over 300.

  • Parallel requests: The maximum number of parallel API requests. The default setting is 2.

  • Maximum retries: The maximum number of times that the integration attempts to connect to the Qualys CSAM API before giving up and reporting a failure. The default setting is 5.

Types of Data to Retrieve

The Qualys CSAM connector can retrieve the following types of data from Qualys:

Table 1: Data retrieved from Qualys CSAM

Connector ObjectRequiredMaps to Data Model
AssetYesHost
Installed SoftwareYesInstalled Package
SoftwareYesPackage
info

For detailed steps on how to view the data retrieved from Qualys CSAM in the Brinqa Platform, see How to view your data.

Attribute mappings

Expand the sections below to view the mappings between the source and the Brinqa data model attributes.

Asset

Table 2: Asset attribute mappings

Source Field NameMaps to Attribute
asset.assetIduid
asset.activity.lastScannedDatelastScanned
asset.agentIdLocal variable
asset.assetTypeLocal variable
asset.assetUUIDLocal variable
asset.biosAssetTagLocal variable
asset.biosDescriptionLocal variable
asset.biosSerialNumberLocal variable
asset.cpuCountLocal variable
asset.createdDate, asset.inventory.createdfirstSeen, sourceCreatedDate
asset.hardware.taxonomy.category1Local variable
asset.hardware.taxonomy.category2Local variable
asset.hostIdLocal variable
asset.hwSerialNumberLocal variable
asset.hwUUIDLocal variable
asset.inventory.lastUpdatedlastSeen, sourceLastModified
asset.isContainerHostLocal variable
asset.isHypervisorLocal variable
asset.isVirtualMachineLocal variable
asset.lastBootlastStarted
asset.lastLoggedOnUserLocal variable
asset.mostFrequentUserLocal variable
asset.netbiosNameLocal variable
asset.operatingSystem.taxonomy.category1Local variable
asset.operatingSystem.taxonomy.category2Local variable
asset.sensorLastUpdatedDateLocal variable
asset.tagList.tags.tag.tagNametags
asset.timeZoneLocal variable
asset.totalMemoryLocal variable
categories/asset categorycategories
dnsNamesdnsNames
getDescriptiondescription
getHostnamehostname
getNamename
getOperatingSystemoperatingSystem
hostnameshostnames
instanceIdinstanceId
ipAddressesipAddresses
macAddressesmacAddresses
privateDnsNameprivateDnsName
privateDnsNamesprivateDnsNames
privateIpAddressesprivateIpAddresses
publicDnsNamepublicDnsName
publicDnsNamespublicDnsNames
publicIpAddresspublicIpAddress
publicIpAddressespublicIpAddresses
statusstatus
Installed Software

Table 3: Installed Software attribute mappings

Source Field NameMaps to Attribute
asset.assetIdtargets
generateSoftwareUidtype
software.installDateinstallDate
software.installPathinstallPath
software.lastUseDateLocal variable
uiduid
Software

Table 4: Software attribute mappings

Source Field NameMaps to Attribute
generateSoftwareUiduid
getNamename
getDescriptiondescription
software.versionrevision
software.publisherpublisher
software.installDatesourceCreatedDate
software.lastUpdatedsourceLastModified
software.architectureLocal variable
software.categoryLocal variable
software.category1Local variable
software.category2Local variable
software.componentLocal variable
software.editionLocal variable
software.lifecycle.eolDateLocal variable
software.lifecycle.eolSupportStageLocal variable
software.lifecycle.eosDateLocal variable
software.lifecycle.eosSupportStageLocal variable
software.formerlyKnownAsLocal variable
software.lifecycle.gaDateLocal variable
software.ignoredReasonLocal variable
software.lifecycle.introDateLocal variable
software.isIgnoredLocal variable
software.isPackageLocal variable
software.isPackageComponentLocal variable
software.languageLocal variable
software.license.categoryLocal variable
software.lifecycle.lifeCycleConfidenceLocal variable
software.lifecycle.stageLocal variable
software.marketVersionLocal variable
software.lifecycle.obsoleteDateLocal variable
software.packageNameLocal variable
software.productFamilyLocal variable
software.productNameLocal variable
software.productUrlLocal variable
software.supportStageDescLocal variable
software.softwareTypeLocal variable
software.updateLocal variable
note

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

Operation options

The Qualys CSAM connector supports the following operation options. See connector operation options for information about how to apply them.

Table 5: Qualys CSAM operation options

Connector ObjectOptionAll Possible ValuesDescriptionExample
AssetLevel 2 operating system categoryAny level 2 operating system categoryA comma-separated list of level 2 operating system categories. Limit assets retrieved by the specified operating system category. For additional information, see Qualys CSAM documentation.Key: operatingSystem.category2 Value: Windows Server,Linux Server. This key and value combination only retrieves assets with the specified operating system categories.
tagsAny Qualys asset tagA comma-separated list of asset tags. Limit assets retrieved by the specified tags. For additional information, see Qualys CSAM documentationKey: tags Value: Internet Facing Assets,Production. This key and value combination only retrieves assets with the specified tags.
note

The option keys and values are case-sensitive as they are shown in this documentation

APIs

The Qualys CSAM connector uses Qualys CyberSecurity Asset Management REST API v2. Specifically, it uses the following endpoints:

Table 6: Qualys CSAM API Endpoints

Connector ObjectAPI Endpoint
AssetGET /rest/2.0/search/am/asset
Installed SoftwareGET /rest/2.0/search/am/asset
SoftwareGET /rest/2.0/search/am/asset

Changelog

The Qualys CSAM connector has undergone the following changes:

5.3.4

  • No change.

5.0.0