Qualys VM Solution

Solution: QualysVM



| Attribute | Value |
| --- | --- |
| Publisher | Microsoft Corporation |
| Support Tier | Microsoft |
| Support Link | https://support.microsoft.com |
| Categories | domains |
| Version | 3.0.7 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2020-12-14 |
| Last Updated | 2025-11-18 |
| Solution Folder | QualysVM |
| Marketplace | Azure Marketplace · Popularity: 🟢 High (90%) |

The Qualys Vulnerability Management solution for Microsoft Sentinel enables you to ingest host vulnerability detection data into Microsoft Sentinel.

Underlying Microsoft Technologies used:

This solution depends on the following technologies. Some of these dependencies may be in Preview state or might result in additional ingestion or operational costs:

Microsoft Sentinel Codeless Connector Framework

Contents

Data Connectors

This solution provides 1 data connector(s) (plus 1 discovered⚠️):

🔍 Discovered: This item was discovered by scanning the solution folder but is not listed in the Solution JSON file.

🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Tables Used

This solution uses 3 table(s):

| Table | Used By Connectors | Used By Content |
| --- | --- | --- |
| QualysHostDetectionV2_CL 🔶 | [DEPRECATED] Qualys Vulnerability Management | Analytics, Workbooks |
| QualysHostDetectionV3_CL | Qualys Vulnerability Management (via Codeless Connector Framework) | Analytics, Workbooks |
| QualysHostDetection_CL 🔶 | [DEPRECATED] Qualys Vulnerability Management | Analytics, Workbooks |

🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Content Items

This solution includes 8 content item(s):

| Content Type | Count |
| --- | --- |
| Playbooks | 4 |
| Analytic Rules | 2 |
| Workbooks | 1 |
| Parsers | 1 |

Analytic Rules

| Name | Severity | Tactics | Tables Used |
| --- | --- | --- | --- |
| High Number of Urgent Vulnerabilities Detected | Medium | InitialAccess | QualysHostDetectionV2_CL, QualysHostDetectionV3_CL, QualysHostDetection_CL |
| New High Severity Vulnerability Detected Across Multiple Hosts | Medium | InitialAccess | QualysHostDetectionV2_CL, QualysHostDetectionV3_CL, QualysHostDetection_CL |

Workbooks

| Name | Tables Used |
| --- | --- |
| QualysVMv2 | QualysHostDetectionV2_CL, QualysHostDetectionV3_CL, QualysHostDetection_CL |

Playbooks

| Name | Description | Tables Used |
| --- | --- | --- |
| QualysVM-GetAssetDetails | When a new sentinel incident is created, this playbook gets triggered and performs the following act... | - |
| QualysVM-GetAssets-ByCVEID | When a new sentinel incident is created, this playbook gets triggered and performs the following act... | - |
| QualysVM-GetAssets-ByOpenPort | When a new sentinel incident is created, this playbook gets triggered and performs the following act... | - |
| QualysVM-LaunchVMScan-GenerateReport | When a new sentinel incident is created, this playbook gets triggered and performs the following act... | - |

Parsers

| Name | Description | Tables Used |
| --- | --- | --- |
| QualysHostDetection | - | QualysHostDetectionV2_CL (read), QualysHostDetectionV3_CL (read), QualysHostDetection_CL (read) |

Release Notes

| Version | Date Modified (DD-MM-YYYY) | Change History |
| --- | --- | --- |
| 3.0.7 | 18-11-2025 | Adding adjustable API partition limit & rate limit protection. |
| 3.0.6 | 18-09-2025 | Updated Analytic rules, Parsers, and Workbooks in Sentinel solution content for CCF connector compatibility. |
| 3.0.5 | 29-07-2025 | Removed Deprecated Data Connector. |
| 3.0.4 | 30-06-2025 | QualysVM CCF Data Connector moving to GA |
| 3.0.3 | 27-05-2025 | New CCP Connector added to the Solution. |
| 3.0.2 | 08-04-2025 | Add HostTags to Data Connector and Parsers. |
| 3.0.1 | 07-01-2025 | Removed Custom Entity mappings from Analytic Rule. |
| 3.0.0 | 16-04-2024 | Added Deploy to Azure Government button for Government portal in Dataconnector. |
