Qualys Policy Compliance Reporting Service
Qualys Policy Compliance Reporting Service (PCRS) is a compliance management tool within the Qualys Policy Compliance module, focused specifically on generating reports for compliance status and activities. You can bring host, policy, and violation data from Qualys into Brinqa to gain insights into your compliance posture, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Qualys PCRS and how to obtain that information from Qualys. See create a data integration for step-by-step instructions on setting up the integration.
Qualys recommends the Qualys PCRS connector for users with larger volumes of data due to its ability to generate reports faster. Although PCRS offers fewer fields than the Qualys Policy Compliance connector, it is optimized for speed and efficiency.
Required connection settings
When setting up a data integration, select Qualys Policy Compliance Reporting Service from the Connector drop-down. You must provide the following information to authenticate Qualys with Brinqa:
-
API Server URL: The Qualys platform API Server URL. For information on how to determine your Qualys API URL, see Qualys documentation.
-
Username and Password: The user name and password associated with the Qualys user, which must have permissions to log in to the API server and return data.
Create a Qualys user
To ensure the user account that the Qualys PCRS connector uses to access the Qualys server has the appropriate permissions, follow these steps.
-
Log in to your organization's Qualys server.
-
Navigate to Users, and then select the Users tab.
-
Click New and select User. The New User dialog displays.
-
Fill out the general information.
-
Click User Role on the left menu.
-
From the User Role drop-down, select Reader.
-
Select GUI and API to enable API access, and leave Business Unit as Unassigned.
-
-
Click Asset Groups.
- From the Add asset groups drop-down, select All or only the asset groups the Qualys user needs access to.
-
Click Permissions and select all of the available permissions.
-
Click Options to modify the notification options as needed.
-
Click Save.
The new Qualys user with appropriate permissions to retrieve data displays on the Qualys Users page.
If you do not wish to create a new Qualys user, you can leverage an existing user with the appropriate permissions.
If you do not have permissions to create a new Qualys user, contact your Qualys administrator. For additional information, see Qualys documentation.
Types of data to retrieve
The Qualys PCRS connector can retrieve the following types of data from the Qualys API:
Table 1: Data retrieved from Qualys
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Host | Yes | Host |
| Policy | No | Not mapped |
| Violation | Yes | Violation |
| Violation Definition | Yes | Violation |
For detailed steps on how to view the data retrieved from Qualys PCRS in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Host
Table 2: Host attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| assetId | Local variable |
| Categories | categories |
| complianceLastScanDate | lastScanned |
| dns | publicDnsNames, privateDnsNames |
| domainName | Local variable |
| hostId | uid |
| instance | Local variable |
| ip | publicIpAddresses, privateIpAddresses, ipAddresses(calculate) |
| networkId | Local variable |
| networkName | Local variable |
| netBios | Local variable |
| os | os |
Violation
Table 3: Violation attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| causeOfFailure.missing | Local variable |
| causeOfFailure.missing.logic | Local variable |
| causeOfFailure.unexpected | Local variable |
| controlId | type |
| evidence.extendedEvidence | Local variable |
| firstFailDate | firstFailed |
| firstPassDate | firstPassed |
| hostId | targets |
| id | uid |
| instance | Local variable |
| lastFailDate | lastFailed |
| lastPassDate | lastPassed |
| netBios | Local variable |
| policyId | uid |
| postureModifiedDate | sourceLastModified |
| previousStatus | status, statusCategory |
| status | status, statusCategory |
Violation Definition
Table 3: Violation Definition attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| controlId | uid |
| created | sourceCreatedDate |
| criticality.value | severity(normalized), severityScore, sourceSeverity |
| instance | Local variable |
| netBios | Local variable |
| policyId | uid |
| policyTitle | Local variable |
| postureModifiedDate | sourceLastModified |
| rationale | description |
| remediation | recommendation |
| technology | Local variable |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
Operation options
The Qualys PCRS connector supports the following operation options. See connector operation options for information about how to apply them.
Table 5: Qualys PCRS connector operation options
| Connector Object | Option | All Possible Values | Description | Example |
|---|---|---|---|---|
| Host | policy_ids | Any Qualys policy IDs | A comma-separated list of Qualys policy IDs. Retrieve hosts associated with the specified policy IDs. | Key: policy_ids Value: 123456,789012. This key and value combination only retrieves hosts associated with the specified policy IDs. |
| Violation | policy_ids | Any Qualys policy IDs | A comma-separated list of Qualys policy IDs. Retrieve violations associated with the specified policy IDs. | Key: policy_ids Value: 234567,890123. This key and value combination only retrieves violations associated with the specified policy IDs. |
| Violation Definition | policy_ids | Any Qualys policy IDs | A comma-separated list of Qualys policy IDs. Retrieve violation definitions associated with the specified policy IDs. | Key: policy_ids Value: 345678,901234. This key and value combination only retrieves violation definitions associated with the specified policy IDs. |
| Policy | policy_ids | Any Qualys policy IDs | A comma-separated list of Qualys policy IDs. Retrieve policies associated with the specified policy IDs. | Key: policy_ids Value: 456789,012345. This key and value combination only retrieves policies associated with the specified policy IDs. |
APIs
The Qualys PCRS connector uses the Qualys PCRS API v1 and v2. Specifically, it uses the following endpoints:
Table 6: Qualys PCRS API Endpoints
| Connector Object | API Endpoints |
|---|---|
| Host | GET pcrs/1.0/posture/hostids |
GET pcrs/1.0/posture/policy/list | |
GET pcrs/2.0/posture/postureInfo | |
| Policy | GET pcrs/1.0/posture/hostids |
GET pcrs/1.0/posture/policy/list | |
GET pcrs/2.0/posture/postureInfo | |
| Violation | GET pcrs/1.0/posture/hostids |
GET pcrs/1.0/posture/policy/list | |
GET pcrs/2.0/posture/postureInfo | |
| Violation Definition | GET pcrs/1.0/posture/hostids |
GET pcrs/1.0/posture/policy/list | |
GET pcrs/2.0/posture/postureInfo |
Changelog
The Qualys PCRS connector has undergone the following changes:
5.3.4
- No change.
5.3.3
- No change.
5.3.2
- No change.
5.3.1
-
Changed the TARGETS attribute type on the Violation object from long to string.
-
Changed the POLICY_ID attribute type on the Violation Definition object from long to string.
5.2.0
- Initial Integration+ release.