Qualys uses Basic Authentication for its API credentials; this means it utilizes a username/password combo for access. We highly recommend creating a new user specifically for API access. This will allow for proper auditing and access controls without affecting your other users.

To connect to Qualys, we require:

  1. Username
  2. Password

The API URL will be automatically determined based on the username provided. You do not need to specify the URL when creating the connection. For more information on Qualys platform identification and API URLs, please refer to the Qualys Platform Identification page.

Creating a new user

1

Create User

  1. Log into your Qualys console; under the Vulnerability Management module, click the “Users” tab.
  2. In the top right of the User table - Click New -> User.
  3. Fill in the first name and last name with values like: “API”, “User”. And attach it to a valid email address within your organization; this can be an alias or service account but will be needed for activation.
2

Assign Permissions

  1. For User Role, use the following values:
    • Reader
    • GUI and API access; GUI is needed for activation
    • Business unit - Assign a relevant BU for the data you would like the integration to be able to read. In many cases, it can be “Unassigned”.
  2. For Asset Groups: assign all relevant groups for the integration to be able to read. In many cases, it should be “All”.
  3. For Permissions: “Manage VM module” should be checked.
  4. No notifications are needed; all can be turned off.
  5. Symantec 2FA should be disabled.
3

Activate the account

  1. Once the user is created, you will receive an email with a link to activate the account. Click the link, and a password will be provided for the new user.
  2. Log in to the Qualys console with the new user to finish the activation process.
4

Ensure CVSS data is enabled

  1. Go to the “Vulnerability Management” module.
  2. Click on the “Reports” tab.
  3. Click on “Setup” tab.
  4. Open the “CVSS” Tile.
  5. Ensure that the “Enable CVSS Scoring” checkbox is checked.

Copy the username and password into the Qualys connector in their respective fields.