Am I reading the right user guide?
Certain connectors have more than one user guide. It depends on the environment's setup and on the connector's available releases (new vs. older revisions).
To access the user guide that is relevant to your environment, simply click on the "How to connect" button located on the connector's setup page. By doing so, you will be directed to the user guide that aligns with your specific environment, ensuring relevancy and accuracy.
About
Web apps, often plagued by vulnerabilities and misconfigurations due to poor coding and faulty hardening policies, can be put on your network by almost anyone. Large organizations have hundreds, even thousands of apps. Qualys WAS gives you visibility and control by finding official and “unofficial” apps throughout your environment and letting you categorize them.
When integrated into the Vulcan Platform, you'll be able to review website vulnerabilities on your assets while leveraging the power of Vulcan Cyber discoverability and automation.
Prerequisites and User Permissions
You can either use an existing user, making sure it has the required permissions and assigned roles, or create a new user for the Qualys WAS integration.
Step A: Set up an API role in Qualys WAS
Go to Administration > Role Management
Edit an existing role or create a new role with the following permissions.
The Role access and permissions required are API Access and Web Application Scanning Module.
Step B: Assign the Role to the relevant user
Assign the created role to a user. In the example below, we created a dedicated role called "WAS API" and assigned it to the user we are using for the integration.
Go to Administration > User Management > Click on the relevant user and then click Actions > Edit.
Go to Roles and Scopes.
Add the created role to the Assigned roles of this user.
Configure the Qualys WAS Connector
Log in to your Vulcan Cyber dashboard and go to Connectors.
Click on Add a Connector.
Click on the Qualys WAS icon.
Enter the following information into the connector setup page.
Platform: Select your platform. Click here to learn how to identify your Qualys platform.
Username and password: Make sure you set the user properly first. See Prerequisites and User Permissions.
Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Qualys WAS instance, then click Create (or Save Changes).
Allow some time for the sync to complete. You can review the sync status under Log.
To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the Qualys WAS icon shows Connected, the connection is complete.
From Qualys WAS to the Vulcan Platform - Fields Mapping
Connector Fields Mapping
Qualys WAS | Vulcan field |
WebApp name | Website name |
Created date | Launch date |
Type | Type |
QID | QID |
Severity | Severity |
First detected date | First seen |
Last detected seen | Last seen |
URL | URL |
External ID | External ID |
Start sync timestamp | Vulcan Update timestamp |
Result list | Result list |
CWE List | CWE |
OWASP Name | OWASP Name |
OWASP URL | OWASP URL |
Vulnerability Score Mapping
Qualys WAS Score | Vulcan score |
5 | 10 |
4 | 7.5 |
3 | 5 |
2 | 2.5 |
1 | 0 |
0 | 0 |
Vulnerability Status Mapping
Qualys Status | Vulcan Status |
Any status other than "Fixed" | Vulnerable |
Fixed | Fixed |
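To check a sync against the three mapping tables above, the following added example (not Vulcan or Qualys code) translates findings into the fields, score and status the tables predict, and lists open findings whose score collapses to 0 because Qualys severities 1 and 0 both map to 0. The "Status" input key, the "Vulcan score" and "Vulcan status" output keys, the case-insensitive status comparison and the sample findings are assumptions made for the example.

```python
from collections import Counter

# Field renames from the "Connector Fields Mapping" table (rows where names differ).
FIELD_MAP = {
    "WebApp name": "Website name",
    "Created date": "Launch date",
    "First detected date": "First seen",
    "Last detected seen": "Last seen",
    "CWE List": "CWE",
}
# "Vulnerability Score Mapping" table.
SCORE_MAP = {5: 10, 4: 7.5, 3: 5, 2: 2.5, 1: 0, 0: 0}


def to_vulcan(finding):
    """Translate one Qualys WAS finding (dict keyed by the Qualys column names)."""
    sev = finding["Severity"]
    if sev not in SCORE_MAP:
        raise ValueError(f"severity {sev!r} is not in the score mapping table")
    out = {FIELD_MAP.get(k, k): v for k, v in finding.items() if k != "Status"}
    out["Vulcan score"] = SCORE_MAP[sev]
    # Status table: only "Fixed" maps to Fixed; every other status is Vulnerable.
    # Assumption: the comparison ignores case and surrounding whitespace.
    fixed = str(finding.get("Status", "")).strip().lower() == "fixed"
    out["Vulcan status"] = "Fixed" if fixed else "Vulnerable"
    return out


def reconcile(findings):
    """Return expected status counts and open findings whose score collapses to 0."""
    records = [to_vulcan(f) for f in findings]
    counts = Counter(r["Vulcan status"] for r in records)
    zero_open = [r["QID"] for r in records
                 if r["Vulcan status"] == "Vulnerable" and r["Vulcan score"] == 0]
    return dict(counts), zero_open


# Constructed sample findings (placeholder QIDs and statuses, not real scan data).
SAMPLE = [
    {"WebApp name": "shop", "QID": 900001, "Severity": 5, "Status": "Active"},
    {"WebApp name": "shop", "QID": 900002, "Severity": 1, "Status": "New"},
    {"WebApp name": "blog", "QID": 900003, "Severity": 3, "Status": "Fixed"},
    {"WebApp name": "blog", "QID": 900004, "Severity": 2, "Status": "Reopened"},
]

if __name__ == "__main__":
    print(reconcile(SAMPLE))
```

Findings returned in the second list are still Vulnerable but carry a score of 0, so a score-based filter or automation threshold in the platform will not surface them.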
Locate Qualys WAS vulnerabilities in the Vulcan Platform
As Qualys WAS discovers vulnerabilities, the Vulcan Platform connector imports those vulnerabilities for reporting and action. With many assets and vulnerabilities, discovering specific vulnerabilities via source is made easy with filters.
Open the Vulcan Platform dashboard and navigate to Vulnerabilities. Click on the Search or filter vulnerabilities search box, scroll to the Vulnerability Source option, and click to filter by the vulnerability source or Connector.
Locate Qualys WAS on the vulnerability source list and click to filter results.
Click on any vulnerability to view further information.
Locate Qualys WAS assets in the Vulcan Platform
To locate all synced website application assets from Qualys WAS, go to the Assets tab in Vulcan Cyber.
Open the Vulcan Cyber dashboard and navigate to Assets > Websites tab.
Click on the Search or filter websites input box and select Connector from the drop-down selection.
Locate the Qualys WAS option to view all synced assets.
Automate Qualys WAS vulnerability actions in the Vulcan Platform
Large environments quickly become unmanageable if constant manual attention and action are necessary to remediate vulnerabilities. Take advantage of the automation capabilities of Vulcan Cyber and the Qualys WAS connector.
Click here to learn how to create automation in the Vulcan Cyber Platform.