Qualys Vulnerability Management (via Codeless Connector Framework)
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
| Attribute | Value |
|---|---|
| Connector ID | QualysVMLogsCCPDefinition |
| Publisher | Microsoft |
| Used in Solutions | QualysVM |
| Collection Method | CCF |
| Connector Definition Files | QualysVMHostLogs_ConnectorDefinition.json |
| DCR Definition Files | QualysVMHostLogs_DCR.json |
| CCF Configuration | QualysVMHostLogs_PollingConfig.json |
| CCF Capabilities | Basic, Paging |
| Microsoft Learn | View on Learn |
The Qualys Vulnerability Management (VM) data connector provides the capability to ingest vulnerability host detection data into Microsoft Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans.
Tables Ingested
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
QualysHostDetectionV3_CL |
✓ | ✓ | ✓ |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Permissions
Resource Provider Permissions:
- Workspace (Workspace): Read and Write permissions are required.
Custom Permissions:
- API access and roles: Ensure the Qualys VM user has a role of Reader or higher. If the role is Reader, ensure that API access is enabled for the account. Auditor role is not supported to access the API. For more details, refer to the Qualys VM Host Detection API and User role Comparison document.
Setup Instructions
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. Connect Qualys Vulnerability Management to Microsoft Sentinel
- Qualys API User Name: Enter UserName
- Qualys API Password: (password field)
- Qualys API Server URL: Enter API Server URL
NOTE: To gather data for Detections based on Host, expand the DetectionList column in the table. To gather data from Qualys VM, you need to provide the following resources
1. API Credentials
To gather data from Qualys VM, you'll need Qualys API credentials, including your Username and Password.
2. API Server URL
To gather data from Qualys VM, you'll need the Qualys API server URL specific to your region. You can find the exact API server URL for your region here
3. Truncation Limit
Configure the maximum number of host records to retrieve per API call (20-5000 range). Higher values may improve performance but could impact API response times.
- Truncation Limit (select)
- 1000 - API default value
- 20 - Minimal load, slower collection
- 100 - Low load
- 500 - Moderate load
- 2500 - High load, faster collection
- ... and 1 more options
- Click 'Connect' to establish connection
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊