Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Adding a Qualys Scheduled Import Scan Report

Add a scan report data import to schedule JSA to retrieve scan reports from your Qualys scanner.

  1. On the Admin tab, click the VA Scanners icon, and then click Add.
  2. In the Scanner Name field, type a name to identify your Qualys scanner.
  3. Give your Qualys scanner a name and description.
  4. From the Type list, select Qualys Scanner.
  5. Configure the following parameters:

    Parameter

    Description

    Qualys server host name

    The fully qualified domain name (FQDN) or IP address of the QualysGuard management console. If you type the FQDN, the host name and not the URL, use the following syntax qualysapi.qualys.com or qualysapi.qualys.eu.

    Qualys username

    The user name that you specify must have access to download the Qualys KnowledgeBase. For more information about how to update Qualys subscription, see your Qualys documentation.

    Qualys password

    The password for your Qualys login.
  6. If you use a proxy server, select the Use Proxy check box and configure the credentials for the proxy server.
  7. If a client certificate is required for your Qualys account, select the Use Client Certificate check box and configure the Certificate File Path field and Certificate Password fields.
  8. From the Collection Type list, select Scheduled Import - Scan Report. This option pulls in the scan results from the Scans tab of the Qualys Enterprise console.
  9. Configure the following parameters:

    Parameter

    Description

    Option Profiles

    The name of the option profile to determine which scan to start. JSA retrieves the completed live scan data after the live scan completes. Live scans support only one option profile name per scanner configuration.

    Scan Report Name Pattern

    The regular expression (regex) to filter the list of scan reports.

    Max Reports Age (Days)

    Files that are older than the specified days and time stamp on the report file are excluded when the schedule scan starts.

    Import File

    The directory path to download and import a single scan report from Qualys, for example, /qualys_logs/test_report.xml. If you specify an import file location, JSA downloads the contents of the asset report from Qualys to a local directory and imports the file. If you leave this field blank or if the file or directory cannot be found, the Qualys scanner uses the API to retrieve the asset report by using the value in the Options Profile field.
  10. To create custom vulnerabilities from the live scan data, select the Enable Custom Vulnerability Creation check box, and then select options that you want to include.
  11. To configure a CIDR range for your scanner, configure the CIDR range parameters and click Add.
  12. Click Save.

You are now ready to create a scan schedule. See Scheduling a Vulnerability Scan.

Related Documentation