# Qualys

### Overview

The Veza integration for Qualys provides visibility into users, asset groups, roles, and permissions within the Qualys Enterprise TruRisk Platform.

The integration enables:

* Discovery of Qualys users, roles, and permissions
* Mapping asset groups and their associated resources
* Tracking business impact ratings and ownership of asset groups
* Insight into user activity, account status, and business unit associations

#### Prerequisites

1. A Qualys platform account. The integration is tested with the "Small Business" Qualys package.
2. A dedicated service account for the integration:
   * Create a dedicated Qualys user account for the integration
   * Do not use personal user accounts for integration authentication
3. Ensure the service account has the required permissions:
   * The account must have "Manager" role permissions to access all required data
   * The account must have API access enabled

### Configuring Qualys

The integration uses basic HTTP authentication with your Qualys credentials. To configure the integration in Veza, you will need:

* A valid Qualys username
* A valid Qualys password
* Your Qualys [platform URL](https://www.qualys.com/platform-identification/) (varies by account region)

### Configuring Qualys on the Veza Platform

1. In Veza, go to the **Integrations** page
2. Click **Add Integration** and search for Qualys
3. Click on the Qualys integration to open the configuration
4. Enter the required fields
5. Click **Create Integration** to save the configuration

#### Configuration Options

| Field      | Notes                                              |
| ---------- | -------------------------------------------------- |
| Name       | A friendly name to identify the unique integration |
| Username   | The username for your Qualys API access            |
| Password   | The password for your Qualys API access            |
| Qualys URL | Your Qualys API endpoint URL                       |

### Notes and Supported Entities

The Qualys integration uses platform APIs to discover and map the following entities:

* Users → Local Users
* Asset Groups → Resources
* Roles → Local Roles
* Permissions → Local Permissions

#### Users

| Attribute       | Notes                                                          |
| --------------- | -------------------------------------------------------------- |
| `id`            | Mapped from USER\_ID, provides unique identifier               |
| `name`          | Concatenated from FIRSTNAME and LASTNAME fields                |
| `email`         | User's email address                                           |
| `is_active`     | Derived from USER\_STATUS                                      |
| `created_at`    | Account creation timestamp (RFC 3339 format)                   |
| `last_login_at` | Most recent login timestamp (RFC 3339 format)                  |
| `user_login`    | Unique login identifier                                        |
| `title`         | User's job title                                               |
| `business_unit` | Organizational unit association                                |
| `user_status`   | Full status description (Active, Inactive, Pending Activation) |

#### Asset Groups

| Attribute         | Notes                                         |
| ----------------- | --------------------------------------------- |
| `id`              | Unique identifier for the asset group         |
| `name`            | Display name of the asset group               |
| `owner_user_id`   | ID of the asset group owner                   |
| `updated_at`      | Last modification timestamp (RFC 3339 format) |
| `business_impact` | Business criticality rating                   |
| `owner_user_name` | Name of the asset group owner                 |
| `host_id_list`    | Associated host identifiers                   |

#### Permissions and Access Controls

Qualys uses a role-based permission system where user access is governed by the assigned role and any extended permissions. The integration maps Qualys roles and permissions to their corresponding Effective Permissions:

Core Roles:

* **Manager**: Full access to all assets and management capabilities
* **Unit Manager**: Management within assigned business unit
* **Scanner**: Can run scans and reports on assigned assets
* **Reader**: View and reporting access
* **Remediation User**: Access to remediation tickets and vulnerability data
* **User Administrator**: User and asset group management
* **Contact**: Limited to scan notifications
* **Auditor**: Compliance management and reporting

Access to **asset groups** depends on the user's role:

* Managers, Auditors, and User Administrators have access to all asset groups
* Unit Managers, Scanners, Readers, and Remediation Users can only access asset groups:
  * Created by the user
  * Explicitly assigned to the user
  * Associated with their business unit
* Individual assets within asset groups are not currently supported

The integration currently supports the following **extended permissions**:

* Create option profiles
* Purge host information/history
* Add assets
* Create/edit remediation policy
* Create/edit authentication records/vaults

**Business units** in Qualys define organizational boundaries for access control. User access to "All" asset groups depends on their business unit assignment:

* Users **assigned to a business unit** have access only to asset groups within their business unit:
  * When assigned to "All" asset groups, access is limited to their business unit's asset groups
  * This access is represented by a " - All" resource in Veza
* For users **without** a business unit assignment:
  * When assigned to "All" asset groups, access is limited to asset groups created by the Qualys account owner
  * This access is represented by an "Unassigned - All (My Asset Groups)" resource in Veza

Note: Direct mapping between business unit names and unit IDs is not available due to API constraints.
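
The asset group access rules above can be expressed as a small resolver, which is useful for sanity-checking what a given user should be able to reach when reviewing access. This is an added example, not Veza or Qualys code. Assumptions: the `business_unit` field on asset groups, the `assigned` and `assigned_all` fields on users, and the `account_owner_id` parameter are hypothetical, and "created by" is modelled as `owner_user_id`.

```python
from dataclasses import dataclass, field
from typing import Optional

# Role sets exactly as the page groups them.
GLOBAL_ROLES = {"Manager", "Auditor", "User Administrator"}
SCOPED_ROLES = {"Unit Manager", "Scanner", "Reader", "Remediation User"}

@dataclass
class AssetGroup:
    id: str
    owner_user_id: str
    business_unit: Optional[str] = None  # assumed field, not in the attribute table

@dataclass
class User:
    id: str
    role: str
    business_unit: Optional[str] = None
    assigned: set = field(default_factory=set)  # explicitly assigned group ids (assumed shape)
    assigned_all: bool = False                  # user holds the "All" asset group

def accessible_groups(user, groups, account_owner_id):
    """Return ids of the asset groups a user can reach under the rules above."""
    if user.role in GLOBAL_ROLES:
        return {g.id for g in groups}
    if user.role not in SCOPED_ROLES:
        return set()  # e.g. Contact: the page describes no asset group access
    reach = set()
    for g in groups:
        if g.owner_user_id == user.id or g.id in user.assigned:
            reach.add(g.id)  # created by (modelled as owned by) or assigned to the user
        elif user.business_unit and g.business_unit == user.business_unit:
            reach.add(g.id)  # associated with the user's business unit
        elif (user.assigned_all and not user.business_unit
              and g.owner_user_id == account_owner_id):
            reach.add(g.id)  # "Unassigned - All (My Asset Groups)" case
    return reach

# Constructed sample data.
GROUPS = [AssetGroup("ag-1", "owner"), AssetGroup("ag-2", "u-scan", "EMEA"),
          AssetGroup("ag-3", "owner", "EMEA"), AssetGroup("ag-4", "owner", "APAC")]
USERS = [User("u-mgr", "Manager"),
         User("u-scan", "Scanner", "EMEA", assigned_all=True),
         User("u-read", "Reader", assigned_all=True),
         User("u-contact", "Contact")]

def report():
    return {u.id: sorted(accessible_groups(u, GROUPS, "owner")) for u in USERS}

if __name__ == "__main__":
    for uid, ids in report().items():
        print(uid, ids)
```
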

