This guide covers Qualys VMDR setup for both MDR customers and Vulnerability Prioritization customers.

Integrating your Qualys VMDR scanner technology with Workbench allows Expel to aggregate and evaluate Qualys VM findings across your entire environment into cohesive Expel recommendations. The integration also enriches the VM findings with exploit information and vulnerability context, and prioritizes individual vulnerability findings. 

Prerequisites

  1. You must have access to the VMDR console with Admin rights, as you need to be able to create new users within the console.
  2. You must be able to manage a new API user and assign it to a Role within VMDR that has the following permissions enabled:
    • API access
    • Asset Management module access
    • Vulnerability Management module access
  3. You must be able to assign the Expel console user to a Role within VMDR that has the following permissions enabled:
    • UI access
    • Asset Management module access
    • Vulnerability Management module access

Quick Start

Setup includes the following steps (click any step for detailed instructions):

  1. Create a New API User in VMDR
  2. Create an Expel Console User in VMDR
  3. Add Qualys as a Security Device in Workbench

Step 1: Create a New API User in VMDR

You must create a new API user in the VMDR console that also has the appropriate module permissions. The purpose of this user is to generate API credentials that Expel can leverage to connect to Qualys. This user will be managed by you and should include your email (or you may use a group email address if this is within your company policy); this allows you full control of the API credentials and any necessary resets.

  1. Log in to Qualys.
  2. From the Dashboard, select the Users tab.
  3. Above the list of users, select New.
  4. Create a new console user, entering the following values for these attributes:
    • Name - enter "Expel API Key".
    • Email - enter your email address (you will manage this user).
    • Role - You must assign this user to a Role that has permission to access the application via the API, and that also has access to both the Asset Management and Vulnerability Management modules. The chosen Role may be an "Admin" role or a lesser role that has these three permissions enabled.
  5. Save the new user. 

Step 2: Create an Expel Console User in VMDR

You must also create a new user for Expel that has the appropriate UI and module permissions. The purpose of this user is to allow Expel to log in to the VMDR web console. 

  1. Still in the Qualys Dashboard on the Users tab, select New.
  2. Create a new console user for Expel, entering the following values for these attributes::
    • Name - enter "SOC & Expel".
    • Email - enter "soc@expel.io".
    • Role - You must assign this user to a Role that has permission to access the application via the API, and that also has access to both the Asset Management and Vulnerability Management modules. The chosen Role may be an "Admin" role or a lesser role that has these three permissions enabled.
    • Phone - enter "1-844-397-5762".
  3. Save the new user. An email will be generated that will allow Expel to activate the account and set a password.
  4. Before you continue to the next section, wait to hear back from Expel to confirm the Qualys login information (username and password) for this new user, as you will need it to set up the security device. Credentials will be sent to you via 1Password within 72 hours.

Step 3: Add Qualys as a Security Device in Workbench

Before you begin, make sure you have received Expel's Qualys login credentials via 1Password. You will need these credentials to configure the security device.

  1. Log in to Workbench.
  2. In the side menu, navigate to Organization Settings > Security Devices.
  3. Select Add Security Device.
  4. In the search box, type “Qualys” and then select the Qualys integration.
  5. Complete the fields as follows:
    • Name - enter a name that might help you more easily identify this integration, such as “CompanyName Qualys”; this name will display in Workbench under the Name column, and is a text string that you can filter on.
    • Location - enter the location of your integration, for example “cloud;” this is also a text string that you can filter on, so we recommend being consistent with location naming across your Expel integrations.
    • Qualys platform API server URL - go to the Qualys Platform Identification page to find your API Server URL, then enter it here.
    • Username - enter the username for the API user.
    • Password - enter the password for the API user.
    • Select Save.
    • Select Set up now and then select Save to continue setting up your console access. 
    • Console URL - go to the Qualys Platform Identification page to find your Platform URL, then enter it here.
    • Username - enter the username for the Expel console user.
    • Password - enter the password for the Expel console user.
    • Two-factor secret key - optional; if one is needed as part of the web console login process, enter it here.
    • Select Save.
  6. Your device should be created successfully within a few seconds. A few reminders:
    • After your connection is healthy, it will take some time for your device to begin polling and receiving data.
    • To check on the status, click on the downward arrow for your device in the first column and choose View details. You can then scroll to the Connection section to see if your device is fully connected.
    • Polling will happen first; data will be received after that. You must refresh the page to see updates.
    • If you are a Vulnerability Prioritization customer, you may also go to Activity > Vulnerabilities to see an aggregated view of your vulnerabilities.
    • If your device does not begin polling and receiving data within 24 hours, contact support for help.