Qualys Knowledge Base (via Codeless Connector Framework)
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
| Attribute | Value |
|---|---|
| Connector ID | QualysKbConnector |
| Publisher | Microsoft |
| Used in Solutions | Qualys VM Knowledgebase |
| Collection Method | CCF |
| Connector Definition Files | QualysKB_ConnectorDefinition.json |
| DCR Definition Files | QualysKB_DCR.json |
| CCF Configuration | QualysKB_PollingConfig.json |
| CCF Capabilities | Basic |
| Custom Log V1 Tables | Yes 🔶 — ingests into tables with type-suffixed columns |
| Microsoft Learn | View on Learn |
Ingest Qualys Knowledge Base Vulnerability Data into Microsoft Sentinel using version 4.0 of the Qualys API.
Tables Ingested
This connector ingests data into the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
QualysKB_CL 🔶 |
✓ | ✓ | ✓ | |
QualysKnowledgeBase |
Patchable in "0,1" |
✓ | ✓ | ✓ |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Permissions
Resource Provider Permissions:
- Workspace (Workspace): Read and Write permissions are required.
Custom Permissions:
- Qualys API access: Requires a Qualys User Account with read access to the Knowledge Base endpoints.
Setup Instructions
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
Step 1: Set Credentials
Provide your Qualys API credentials to enable data ingestion from the Qualys Knowledge Base. To gather data from Qualys VM, you need to provide the following resources:
- API Credentials: username and password for an account with read access to the Knowledge Base API. You can find the exact permissions needed in the Qualys API documentation.
- API Server URL: the Qualys API server URL specific to your region. You can find the exact API server URL for your region here
- API Server URL: Enter API Server URL
- Username: Enter Qualys username
- Password: (password field)
Step 2: Set Any Optional Filters
Configure optional filters to customize which vulnerabilities are ingested. Learn more about available filters in the Qualys API documentation.
2a. Filter by Patch Status
Choose to only show vulnerabilities that are patchable or not patchable.
- Include vulnerabilities that are: (select)
- Both patchable and unpatchable (default)
- Patchable only
- Unpatchable only
2b. Filter by Discovery Method and Authentication Types
Choose to only receive vulnerabilities assigned a certain discovery method or having specific authentication types.
- Discovery Method (select)
- All methods (default)
- Remote
- Authenticated
- Remote Only
- Authenticated Only
- ... and 1 more options
- Discovery Authentication Types: e.g., Windows, Oracle, Unix, SNMP (comma-separated)
Step 3: Review and Enable
Review your configuration settings and enable the connector to start ingesting Qualys Knowledge Base data into Microsoft Sentinel.
- Click 'Connect Qualys KB' to establish connection
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊