Qualys Policy Compliance Reporting Service

Qualys Policy Compliance Reporting Service (PCRS) is a compliance management tool within the Qualys Policy Compliance module, focused specifically on generating reports for compliance status and activities. You can bring host, policy, and violation data from Qualys into Brinqa to gain insights into your compliance posture, thus strengthening your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with Qualys PCRS and how to obtain that information from Qualys. See create a data integration for step-by-step instructions on setting up the integration.

note

Qualys recommends the Qualys PCRS connector for users with larger volumes of data due to its ability to generate reports faster. Although PCRS offers fewer fields than the Qualys Policy Compliance connector, it is optimized for speed and efficiency.

Required connection settings

When setting up a data integration, select Qualys Policy Compliance Reporting Service from the Connector drop-down. You must provide the following information to authenticate Qualys with Brinqa:

• API Server URL: The Qualys platform API Server URL. For information on how to determine your Qualys API URL, see Qualys documentation.

• Username and Password: The user name and password associated with the Qualys user, which must have permissions to log in to the API server and return data.

Create a Qualys user

To ensure the user account that the Qualys PCRS connector uses to access the Qualys server has the appropriate permissions, follow these steps.

1. Log in to your organization's Qualys server.

2. Navigate to Users, and then select the Users tab.

3. Click New and select User. The New User dialog displays.

   

4. Fill out the general information.

5. Click User Role on the left menu.

   • From the User Role drop-down, select Reader.

   • Select GUI and API to enable API access, and leave Business Unit as Unassigned.

     

6. Click Asset Groups.

   • From the Add asset groups drop-down, select All or only the asset groups the Qualys user needs access to.

7. Click Permissions and select all of the available permissions.

8. Click Options to modify the notification options as needed.

9. Click Save.

The new Qualys user with appropriate permissions to retrieve data displays on the Qualys Users page.

If you do not wish to create a new Qualys user, you can leverage an existing user with the appropriate permissions.

note

If you do not have permissions to create a new Qualys user, contact your Qualys administrator. For additional information, see Qualys documentation.

Additional settings

The Qualys PCRS connector contains additional options for specific configuration:

• Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.

• Parallel requests: The maximum number of parallel API requests. The default setting is 2.

• Maximum retries: The maximum number of times that the integration attempts to connect to the Qualys API before giving up and reporting a failure. The default setting is 5.

Types of data to retrieve

The Qualys PCRS connector can retrieve the following types of data from the Qualys API:

Table 1: Data retrieved from Qualys

Connector Object	Required	Maps to Data Model
Host	Yes	Host
Policy	No	Not mapped
Violation	Yes	Violation
Violation Definition	Yes	Violation

info

For detailed steps on how to view the data retrieved from Qualys PCRS in the Brinqa Platform, see How to view your data.

Attribute mappings

Expand the sections below to view the mappings between the source and the Brinqa data model attributes.

Host

Table 2: Host attribute mappings

Source Field Name	Maps to Attribute
assetId	Local variable
Categories	categories
complianceLastScanDate	lastScanned
dns	publicDnsNames, privateDnsNames
domainName	Local variable
hostId	uid
instance	Local variable
ip	publicIpAddresses, privateIpAddresses, ipAddresses(calculate)
networkId	Local variable
networkName	Local variable
netBios	Local variable
os	os

Violation

Table 3: Violation attribute mappings

Source Field Name	Maps to Attribute
causeOfFailure.missing	Local variable
causeOfFailure.missing.logic	Local variable
causeOfFailure.unexpected	Local variable
controlId	type
evidence.extendedEvidence	Local variable
firstFailDate	firstFailed
firstPassDate	firstPassed
hostId	targets
id	uid
instance	Local variable
lastFailDate	lastFailed
lastPassDate	lastPassed
netBios	Local variable
policyId	uid
postureModifiedDate	sourceLastModified
previousStatus	status, statusCategory
status	status, statusCategory

Violation Definition

Table 3: Violation Definition attribute mappings

Source Field Name	Maps to Attribute
controlId	uid
created	sourceCreatedDate
criticality.value	severity(normalized), severityScore, sourceSeverity
instance	Local variable
netBios	Local variable
policyId	uid
policyTitle	Local variable
postureModifiedDate	sourceLastModified
rationale	description
remediation	recommendation
technology	Local variable

info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

Operation options

The Qualys PCRS connector supports the following operation options. See connector operation options for information about how to apply them.

Table 5: Qualys PCRS connector operation options

Connector Object	Option	All Possible Values	Description	Example
Host	policy_ids	Any Qualys policy IDs	A comma-separated list of Qualys policy IDs. Retrieve hosts associated with the specified policy IDs.	Key: policy_ids Value: 123456,789012. This key and value combination only retrieves hosts associated with the specified policy IDs.
Violation	policy_ids	Any Qualys policy IDs	A comma-separated list of Qualys policy IDs. Retrieve violations associated with the specified policy IDs.	Key: policy_ids Value: 234567,890123. This key and value combination only retrieves violations associated with the specified policy IDs.
Violation Definition	policy_ids	Any Qualys policy IDs	A comma-separated list of Qualys policy IDs. Retrieve violation definitions associated with the specified policy IDs.	Key: policy_ids Value: 345678,901234. This key and value combination only retrieves violation definitions associated with the specified policy IDs.
Policy	policy_ids	Any Qualys policy IDs	A comma-separated list of Qualys policy IDs. Retrieve policies associated with the specified policy IDs.	Key: policy_ids Value: 456789,012345. This key and value combination only retrieves policies associated with the specified policy IDs.

APIs

The Qualys PCRS connector uses the Qualys PCRS API v1 and v2. Specifically, it uses the following endpoints:

Table 6: Qualys PCRS API Endpoints

Connector Object	API Endpoints
Host	GET pcrs/1.0/posture/hostids
	GET pcrs/1.0/posture/policy/list
	GET pcrs/2.0/posture/postureInfo
Policy	GET pcrs/1.0/posture/hostids
	GET pcrs/1.0/posture/policy/list
	GET pcrs/2.0/posture/postureInfo
Violation	GET pcrs/1.0/posture/hostids
	GET pcrs/1.0/posture/policy/list
	GET pcrs/2.0/posture/postureInfo
Violation Definition	GET pcrs/1.0/posture/hostids
	GET pcrs/1.0/posture/policy/list
	GET pcrs/2.0/posture/postureInfo

Changelog

The Qualys PCRS connector has undergone the following changes:

5.3.8

• Increased the read timeout to 3 minutes to improve sync reliability and address performance issues.

5.3.7

• Fixed an issue where the Qualys PCRS sync was failing.

• Performance improvements for the Violation object sync.

5.3.6

• No change.

5.3.5

• No change.

5.3.4

• No change.

5.3.3

• No change.

5.3.2

• No change.

5.3.1

• Changed the TARGETS attribute type on the Violation object from long to string.

• Changed the POLICY_ID attribute type on the Violation Definition object from long to string.

5.2.0

• Initial Integration+ release.