Qualys Web Application Scanning
Qualys Web Application Scanning (WAS) is an application security tool that assesses your web applications for vulnerabilities. You can bring application and security data from Qualys WAS into Brinqa to construct a unified view of your attack surface and strengthen your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Qualys WAS and how to obtain that information from Qualys. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Qualys Web Application Scanning from the Connector drop-down. You must provide the following information to authenticate Qualys WAS with Brinqa:
-
API Server URL: The Qualys API Server URL. For information on how to determine your Qualys API URL, see Qualys documentation.
-
Username and Password: The username and password associated with the Qualys user, which must have permissions to log in to the API server and return data.
Create a Qualys user
To ensure the user account that the Qualys WAS connector uses to access the Qualys server has the appropriate permissions, follow these steps.
-
Log in to your organization's Qualys server.
-
Navigate to Users, and then select the Users tab.
-
Click New and select User. The New User dialog displays.
-
Fill out the general information for the new user.
-
Click User Role on the left menu.
-
From the User Role drop-down, select Reader.
-
Select GUI and API to enable API access, and leave Business Unit Unassigned.
noteGUI access allows the user to log in to the Qualys GUI (graphical user interface). After you create the new Qualys user, log in to the Qualys GUI using the new credentials. The system prompts the user to reset their password. The Qualys connector will not function until you complete the password reset.
-
-
Click Asset Groups.
- From the Add asset groups drop-down, select All or only the asset groups the Qualys user needs access to.
-
Click Permissions and select all of the available permissions.
-
Click Options to modify the notification options as needed.
-
Click Save.
The new Qualys user with appropriate permissions to retrieve data displays on the Qualys Users page.
If you do not wish to create a new Qualys user, you can leverage an existing user with the appropriate permissions.
If you do not have permissions to create a new Qualys user, contact your Qualys administrator. For additional information, see Qualys documentation.
Additional settings
The Qualys WAS connector contains additional options for specific configuration:
-
Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.
-
Parallel requests: The maximum number of parallel API requests. The default setting is 2.
-
Maximum retries: The maximum number of times that the integration attempts to connect to the Qualys WAS API before giving up and reporting a failure. The default setting is 5.
-
Request timeout (secs): The maximum time allotted, in seconds, before a request times out. The default setting is 120 seconds. Although it is not recommended, you can also enter zero (0) to disable timeouts.
Types of data to retrieve
The Qualys WAS connector can retrieve the following types of data from Qualys:
Table 1: Data retrieved from Qualys WAS
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Application | Yes | Application |
| Finding | Yes | Dynamic Code Finding |
| Vulnerability Definition | Yes | Dynamic Code Finding Definition |
For detailed steps on how to view the data retrieved from Qualys WAS in the Brinqa Platform, see How to view your data.
Operation options
The Qualys WAS connector supports the following operation options. See connector operation options for information about how to apply them.
Table 2: Qualys WAS connector operation options
| Connector Object | Option | All Possible Values | Description | Example |
|---|---|---|---|---|
| Application | updatedDate | Any date and time value in the UTC format. | You can use this option to return all applications that were last updated on the specified date. | Key: updatedDate Value: 2023-07-01. This key and value combination only retrieves applications that were last updated on July 1st, 2023. |
| Finding | lastDetectedDate | Any date and time value in the UTC format. | You can use this option to return all findings that were last detected in your web applications by the specified date. | Key: lastDetectedDate Value: 2023-07-01T00:00:00Z. This key and value combination only retrieves findings that were last detected on July 1st, 2023, at midnight UTC. |
| severity | 1, 2, 3, 4, 5 | A comma-separated list of finding severities. You can use this option to return all findings with the specified severity as determined by Qualys. | Key: severity Value: 4,5. This key and value combination only retrieves findings of severity 4 and 5. | |
| status | ACTIVE, FIXED, NEW, REOPENED | A comma-separated list of finding statuses. You can use this option to return all findings with the specified status as determined by Qualys. | Key: status Value: ACTIVE,REOPENED. This key and value combination only retrieves active and reopened findings. | |
| Vulnerability Definition | ids | Any Qualys WAS vulnerability ID. | A comma-separated list of vulnerability IDs. You can use this option to return all vulnerabilities with the specified ID. | Key: ids Value: 316693,105484. This key and value combination only retrieves vulnerabilities associated with IDs 105484 and 316693. |
The option keys and values are case-sensitive as they are shown in this documentation.
APIs
The Qualys WAS connector uses Qualys WAS API v3. Specifically, it uses the following endpoints:
Table 3: Qualys WAS API Endpoints
| Connector Object | API Endpoint |
|---|---|
| Application | GET /qps/rest/3.0/get/was/webapp/{id} |
POST /qps/rest/3.0/search/was/webapp | |
| Finding | POST /qps/rest/3.0/search/was/finding |
| Vulnerability Definition | GET /api/2.0/fo/knowledge_base/vuln/ |
Changelog
The Qualys WAS connector has undergone the following changes:
Table 4: Qualys WAS connector changelog
This connector is part of a bundled release with other connectors from the same vendor. If a version shows "No change", it means that the connector version was updated for consistency as part of the bundle, but no functional changes were made to this specific connector. You can update to or skip this version without affecting your existing configuration.
| Version | Description | Date Published |
|---|---|---|
| 5.3.20 | No change. | July 11th, 2025 |
| 5.3.19 | No change. | July 2nd, 2025 |
| 5.3.18 | No change. | June 30th, 2025 |
| 5.3.17 | No change. | May 7th, 2025 |
| 5.3.16 | No change. | April 23rd, 2025 |
| 5.3.15 | No change. | April 8th, 2025 |
| 5.3.14 | No change. | March 26th, 2025 |
| 5.3.13 | No change. | March 12th, 2025 |
| 5.3.12 | No change. | March 3rd, 2025 |
| 5.3.11 | No change. | February 28th, 2025 |
| 5.3.10 | No change. | January 29th, 2025 |
| 5.3.9 | No change. | December 30th, 2024 |
| 5.3.8 | No change. | November 14th, 2024 |
| 5.3.7 | No change. | November 12th, 2024 |
| 5.3.6 | No change. | November 7th, 2024 |
| 5.3.5 | Added a new additional setting to help prevent sync failures due to default timeout limits: Request timeout. | October 21st, 2024 |
| 5.3.4 | No change. | September 23rd, 2024 |
| 5.3.3 | No change. | September 20th, 2024 |
| 5.3.2 | No change. | August 23rd, 2024 |
| 5.3.1 | No change. | August 15th, 2024 |
| 5.3.0 | No change. | August 12th, 2024 |
| 5.2.4 | No change. | July 26th, 2024 |
| 5.2.3 | No change. | July 2nd, 2024 |
| 5.2.2 | No change. | June 26th, 2024 |
| 5.2.1 | No change. | May 15th, 2024 |
| 5.2.0 | No change. | May 7th, 2024 |
| 5.1.13 | No change. | April 16th, 2024 |
| 5.1.12 | The Vulnerability Definition object now maps to Dynamic Code Finding Definition. | April 5th, 2024 |
| 5.1.11 | Updated dependencies. | March 11th, 2024 |
| 5.1.10 | Updated dependencies. | March 8th, 2024 |
| 5.1.9 | No change. | February 8th, 2024 |
| 5.1.8 | No change. | January 25th, 2024 |
| 5.1.7 | No change. | September 19th, 2023 |
| 5.1.6 | No change. | September 18th, 2023 |
| 5.1.5 | Added checks for null Common Vulnerability Scoring System (CVSS) vectors. | September 12th, 2023 |
| 5.1.4 | No change. | September 12th, 2023 |
| 5.1.3 | Updated to trim trailing spaces from the CVE IDs present in certain vulnerability definitions. | August 29th, 2023 |
| 5.1.2 | No change. | July 14th, 2023 |
| 5.1.1 | No change. | July 10th, 2023 |
| 5.1.0 | No change. | July 10th, 2023 |
| 5.0.18 | Added the SEVERITY_SCORE attribute to the Vulnerability Definition object. | February 14th, 2023 |
| 5.0.17 | Code clean up and general maintenance. | December 17th, 2022 |
| 5.0.16 | Code clean up and general maintenance. | December 16th, 2022 |
| 5.0.15 | Code clean up and general maintenance. | December 15th, 2022 |
| 5.0.14 | Added UID as identifier for all connector objects. | December 9th, 2022 |
| 5.0.13 | Replaced the CATEGORY attribute with CATEGORIES on all connector objects. | December 8th, 2022 |
| 5.0.12 | No change. | December 8th, 2022 |
| 5.0.11 | Code clean up and general maintenance. | December 5th, 2022 |
| 5.0.10 | No change. | December 4th, 2022 |
| 5.0.9 | Code clean up and general maintenance. | December 3rd, 2022 |
| 5.0.8 | Code clean up and general maintenance. | December 3rd, 2022 |
| 5.0.7 | Code clean up and general maintenance. | December 3rd, 2022 |
| 5.0.6 | Code clean up and general maintenance. | December 2nd, 2022 |
| 5.0.5 | Code clean up and general maintenance. | July 8th, 2022 |
| 5.0.4 | Replaced the Finding Definition object with Vulnerability Definition. | May 12th, 2022 |
| 5.0.3 | Initial Integration+ release. | April 26th, 2022 |