Qualys Web Application Scanning

Qualys Web Application Scanning (WAS) is an application security tool that assesses your web applications for vulnerabilities. You can bring application and security data from Qualys WAS into Brinqa to construct a unified view of your attack surface and strengthen your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with Qualys WAS and how to obtain that information from Qualys. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select Qualys Web Application Scanning from the Connector drop-down. You must provide the following information to authenticate Qualys WAS with Brinqa:

  • API Server URL: The Qualys API Server URL. For information on how to determine your Qualys API URL, see Qualys documentation.

  • Username and Password: The username and password associated with the Qualys user, which must have permissions to log in to the API server and return data.

Create a Qualys user

To ensure the user account that the Qualys WAS connector uses to access the Qualys server has the appropriate permissions, follow these steps.

  1. Log in to your organization's Qualys server.

  2. Navigate to Users, and then select the Users tab.

  3. Click New and select User. The New User dialog displays.

  4. Fill out the general information for the new user.

  5. Click User Role on the left menu.

    • From the User Role drop-down, select Reader.

    • Select GUI and API to enable API access, and leave Business Unit Unassigned.

      note

      GUI access allows the user to log in to the Qualys GUI (graphical user interface). After you create the new Qualys user, log in to the Qualys GUI using the new credentials. The system prompts the user to reset their password. The Qualys connector will not function until you complete the password reset.

  6. Click Asset Groups.

    • From the Add asset groups drop-down, select All or only the asset groups the Qualys user needs access to.

  7. Click Permissions and select all of the available permissions.

  8. Click Options to modify the notification options as needed.

  9. Click Save.

The new Qualys user with appropriate permissions to retrieve data displays on the Qualys Users page.

If you do not wish to create a new Qualys user, you can leverage an existing user with the appropriate permissions.

note

If you do not have permissions to create a new Qualys user, contact your Qualys administrator. For additional information, see Qualys documentation.

Additional settings

The Qualys WAS connector contains additional options for specific configuration:

  • Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.

  • Parallel requests: The maximum number of parallel API requests. The default setting is 2.

  • Maximum retries: The maximum number of times that the integration attempts to connect to the Qualys WAS API before giving up and reporting a failure. The default setting is 5.

  • Request timeout (secs): The maximum time allotted, in seconds, before a request times out. The default setting is 120 seconds. Although it is not recommended, you can also enter zero (0) to disable timeouts.

Types of data to retrieve

The Qualys WAS connector can retrieve the following types of data from Qualys:

Table 1: Data retrieved from Qualys WAS

| Connector Object | Required | Maps to Data Model |
| --- | --- | --- |
| Application | Yes | Application |
| Finding | Yes | Dynamic Code Finding |
| Vulnerability Definition | Yes | Dynamic Code Finding Definition |

info

For detailed steps on how to view the data retrieved from Qualys WAS in the Brinqa Platform, see How to view your data.

Operation options

The Qualys WAS connector supports the following operation options. See connector operation options for information about how to apply them.

Table 2: Qualys WAS connector operation options

| Connector Object | Option | All Possible Values | Description | Example |
| --- | --- | --- | --- | --- |
| Application | updatedDate | Any date and time value in the UTC format. | You can use this option to return all applications that were last updated on the specified date. | Key: updatedDate Value: 2023-07-01. This key and value combination only retrieves applications that were last updated on July 1st, 2023. |
| Finding | lastDetectedDate | Any date and time value in the UTC format. | You can use this option to return all findings that were last detected in your web applications by the specified date. | Key: lastDetectedDate Value: 2023-07-01T00:00:00Z. This key and value combination only retrieves findings that were last detected on July 1st, 2023, at midnight UTC. |
| Finding | severity | 1, 2, 3, 4, 5 | A comma-separated list of finding severities. You can use this option to return all findings with the specified severity as determined by Qualys. | Key: severity Value: 4,5. This key and value combination only retrieves findings of severity 4 and 5. |
| Finding | status | ACTIVE, FIXED, NEW, REOPENED | A comma-separated list of finding statuses. You can use this option to return all findings with the specified status as determined by Qualys. | Key: status Value: ACTIVE,REOPENED. This key and value combination only retrieves active and reopened findings. |
| Vulnerability Definition | ids | Any Qualys WAS vulnerability ID. | A comma-separated list of vulnerability IDs. You can use this option to return all vulnerabilities with the specified ID. | Key: ids Value: 316693,105484. This key and value combination only retrieves vulnerabilities associated with IDs 105484 and 316693. |

note

Option keys and values are case-sensitive. Enter them exactly as they are shown in this documentation.
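A pre-flight check for the option keys and values listed in Table 2, added here as an example (it is not Brinqa or Qualys code). The function names, the strict no-spaces list format, and the two accepted date shapes are assumptions taken from the table's examples.

```python
import re
from datetime import datetime

# Option keys per connector object, copied from Table 2. Keys are case-sensitive.
OPTION_KEYS = {
    "Application": {"updatedDate"},
    "Finding": {"lastDetectedDate", "severity", "status"},
    "Vulnerability Definition": {"ids"},
}
VALUE_SETS = {"severity": {"1", "2", "3", "4", "5"},
              "status": {"ACTIVE", "FIXED", "NEW", "REOPENED"}}
# Assumption: only the two date shapes used in Table 2's examples are accepted.
DATE_SHAPES = (
    (re.compile(r"\d{4}-\d{2}-\d{2}", re.ASCII), "%Y-%m-%d"),
    (re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z", re.ASCII), "%Y-%m-%dT%H:%M:%SZ"),
)


def is_utc_date(value):
    for shape, fmt in DATE_SHAPES:
        if shape.fullmatch(value):
            try:
                datetime.strptime(value, fmt)
                return True
            except ValueError:
                return False  # right shape, impossible date (e.g. 2023-02-30)
    return False


def check_options(connector_object, options):
    """Return a list of problems; an empty list means the options match Table 2."""
    allowed = OPTION_KEYS.get(connector_object)
    if allowed is None:
        return [f"unknown connector object {connector_object!r}"]
    problems = []
    for key, value in options.items():
        if key not in allowed:
            # A wrong-case key is the easiest mistake to miss, so name the right one.
            near = [k for k in sorted(allowed) if k.lower() == key.lower()]
            hint = f" (case-sensitive: use {near[0]!r})" if near else ""
            problems.append(f"{key!r} is not a {connector_object} option{hint}")
        elif key in ("updatedDate", "lastDetectedDate"):
            if not is_utc_date(value):
                problems.append(f"{key}: {value!r} is not a UTC date")
        else:
            # Assumption: comma-separated with no spaces, as in the table's examples.
            valid = VALUE_SETS.get(key)  # None for ids, which must be numeric
            bad = [i for i in value.split(",")
                   if (i not in valid if valid else not re.fullmatch(r"[0-9]+", i))]
            if bad:
                problems.append(f"{key}: invalid value(s) {bad}")
    return problems
```

Running this before saving an integration catches filters such as `Severity` or `active` that would otherwise leave a sync scoped differently from what was intended.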

APIs

The Qualys WAS connector uses Qualys WAS API v3. Specifically, it uses the following endpoints:

Table 3: Qualys WAS API Endpoints

| Connector Object | API Endpoint |
| --- | --- |
| Application | GET /qps/rest/3.0/get/was/webapp/{id} |
| Application | POST /qps/rest/3.0/search/was/webapp |
| Finding | POST /qps/rest/3.0/search/was/finding |
| Vulnerability Definition | GET /api/2.0/fo/knowledge_base/vuln/ |

Changelog

The Qualys WAS connector has undergone the following changes:

Table 4: Qualys WAS connector changelog

note

This connector is part of a bundled release with other connectors from the same vendor. If a version shows "No change", it means that the connector version was updated for consistency as part of the bundle, but no functional changes were made to this specific connector. You can update to or skip this version without affecting your existing configuration.

| Version | Description | Date Published |
| --- | --- | --- |
| 5.3.20 | No change. | July 11th, 2025 |
| 5.3.19 | No change. | July 2nd, 2025 |
| 5.3.18 | No change. | June 30th, 2025 |
| 5.3.17 | No change. | May 7th, 2025 |
| 5.3.16 | No change. | April 23rd, 2025 |
| 5.3.15 | No change. | April 8th, 2025 |
| 5.3.14 | No change. | March 26th, 2025 |
| 5.3.13 | No change. | March 12th, 2025 |
| 5.3.12 | No change. | March 3rd, 2025 |
| 5.3.11 | No change. | February 28th, 2025 |
| 5.3.10 | No change. | January 29th, 2025 |
| 5.3.9 | No change. | December 30th, 2024 |
| 5.3.8 | No change. | November 14th, 2024 |
| 5.3.7 | No change. | November 12th, 2024 |
| 5.3.6 | No change. | November 7th, 2024 |
| 5.3.5 | Added a new additional setting to help prevent sync failures due to default timeout limits: Request timeout. | October 21st, 2024 |
| 5.3.4 | No change. | September 23rd, 2024 |
| 5.3.3 | No change. | September 20th, 2024 |
| 5.3.2 | No change. | August 23rd, 2024 |
| 5.3.1 | No change. | August 15th, 2024 |
| 5.3.0 | No change. | August 12th, 2024 |
| 5.2.4 | No change. | July 26th, 2024 |
| 5.2.3 | No change. | July 2nd, 2024 |
| 5.2.2 | No change. | June 26th, 2024 |
| 5.2.1 | No change. | May 15th, 2024 |
| 5.2.0 | No change. | May 7th, 2024 |
| 5.1.13 | No change. | April 16th, 2024 |
| 5.1.12 | The Vulnerability Definition object now maps to Dynamic Code Finding Definition. | April 5th, 2024 |
| 5.1.11 | Updated dependencies. | March 11th, 2024 |
| 5.1.10 | Updated dependencies. | March 8th, 2024 |
| 5.1.9 | No change. | February 8th, 2024 |
| 5.1.8 | No change. | January 25th, 2024 |
| 5.1.7 | No change. | September 19th, 2023 |
| 5.1.6 | No change. | September 18th, 2023 |
| 5.1.5 | Added checks for null Common Vulnerability Scoring System (CVSS) vectors. | September 12th, 2023 |
| 5.1.4 | No change. | September 12th, 2023 |
| 5.1.3 | Updated to trim trailing spaces from the CVE IDs present in certain vulnerability definitions. | August 29th, 2023 |
| 5.1.2 | No change. | July 14th, 2023 |
| 5.1.1 | No change. | July 10th, 2023 |
| 5.1.0 | No change. | July 10th, 2023 |
| 5.0.18 | Added the SEVERITY_SCORE attribute to the Vulnerability Definition object. | February 14th, 2023 |
| 5.0.17 | Code clean up and general maintenance. | December 17th, 2022 |
| 5.0.16 | Code clean up and general maintenance. | December 16th, 2022 |
| 5.0.15 | Code clean up and general maintenance. | December 15th, 2022 |
| 5.0.14 | Added UID as identifier for all connector objects. | December 9th, 2022 |
| 5.0.13 | Replaced the CATEGORY attribute with CATEGORIES on all connector objects. | December 8th, 2022 |
| 5.0.12 | No change. | December 8th, 2022 |
| 5.0.11 | Code clean up and general maintenance. | December 5th, 2022 |
| 5.0.10 | No change. | December 4th, 2022 |
| 5.0.9 | Code clean up and general maintenance. | December 3rd, 2022 |
| 5.0.8 | Code clean up and general maintenance. | December 3rd, 2022 |
| 5.0.7 | Code clean up and general maintenance. | December 3rd, 2022 |
| 5.0.6 | Code clean up and general maintenance. | December 2nd, 2022 |
| 5.0.5 | Code clean up and general maintenance. | July 8th, 2022 |
| 5.0.4 | Replaced the Finding Definition object with Vulnerability Definition. | May 12th, 2022 |
| 5.0.3 | Initial Integration+ release. | April 26th, 2022 |