Qualys vulnerability information for IBM QRadar SIEM is a frequently asked-about topic. Besides using the free application developed by Qualys for QRadar, QRadar can retrieve vulnerability information from the Qualys API or by downloading scan reports from a QualysGuard appliance. This article is addressed to customers who have implemented both Qualys and QRadar to achieve continuous vulnerability and risk monitoring and security intelligence.
Qualys vulnerability information for IBM QRadar SIEM generally makes use of a Qualys scanner. The Qualys Detection Scanner uses the QualysGuard Host Detection List API to query across multiple scan reports and collect vulnerability data for assets. The returned data identifies each vulnerability by an identification number, which QRadar compares against the latest Qualys Vulnerability Knowledge Base. The Qualys Detection Scanner does not support live scans, but it can retrieve vulnerability information aggregated across multiple scan reports. QRadar supports the key search parameters, such as the Operating System Filter and Asset Group Name fields. The Qualys Detection Scanner provides an option to configure how frequently the Qualys Vulnerability Knowledge Base is retrieved and cached by QRadar; this is the Qualys Vulnerability Retention Period field. Administrators also have an option to force an update of the Qualys Vulnerability Knowledge Base for every scan. The Qualys user account you specify for QRadar must have permissions enabled to download the Qualys KnowledgeBase. QualysGuard vulnerability and asset information is supported on QualysGuard appliances using software version 4.7 to 7.10.
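The lookup described above, sketched as an added example (not code from Qualys or IBM): detections arrive as bare identification numbers and only become usable findings once joined against the cached Knowledge Base, so a cache that has outlived its retention period leaves newer IDs unresolved. The XML element names, sample values and function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample data: element names are simplified assumptions and the
# QIDs and titles are made up, so nothing here is real Qualys output.
DETECTIONS_XML = """<HOST_LIST>
  <HOST><IP>10.0.0.5</IP><DETECTION_LIST>
    <DETECTION><QID>90001</QID></DETECTION>
    <DETECTION><QID>90002</QID></DETECTION></DETECTION_LIST></HOST>
  <HOST><IP>10.0.0.9</IP><DETECTION_LIST>
    <DETECTION><QID>90003</QID></DETECTION></DETECTION_LIST></HOST>
</HOST_LIST>"""
KB_XML = """<VULN_LIST>
  <VULN><QID>90001</QID><SEVERITY_LEVEL>4</SEVERITY_LEVEL><TITLE>Sample A</TITLE></VULN>
  <VULN><QID>90002</QID><SEVERITY_LEVEL>2</SEVERITY_LEVEL><TITLE>Sample B</TITLE></VULN>
</VULN_LIST>"""
DAY = 86400  # seconds in a day


def load_kb(kb_xml):
    """Index the cached knowledge base by QID -> (severity, title)."""
    return {int(v.findtext("QID")): (int(v.findtext("SEVERITY_LEVEL")), v.findtext("TITLE"))
            for v in ET.fromstring(kb_xml).iter("VULN")}


def kb_needs_refresh(fetched_at, now, retention_days, force=False):
    """True when the cache has outlived the retention period or an update is forced."""
    return force or (now - fetched_at) > retention_days * DAY


def resolve_detections(detections_xml, kb):
    """Join each host's QIDs against the KB; collect QIDs the cache lacks."""
    findings, unresolved = [], set()
    for host in ET.fromstring(detections_xml).iter("HOST"):
        ip = host.findtext("IP")
        for det in host.iter("DETECTION"):
            qid = int(det.findtext("QID"))
            if qid in kb:
                findings.append((ip, qid) + kb[qid])
            else:
                unresolved.add(qid)  # no title or severity until the KB is refreshed
    return findings, unresolved


if __name__ == "__main__":
    findings, unresolved = resolve_detections(DETECTIONS_XML, load_kb(KB_XML))
    print(findings, sorted(unresolved))
```

A non-empty unresolved set after an import is a practical signal that the retention period is too long for the scan cadence, or that the forced-update option should be enabled.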
QRadar retrieves vulnerability information from the Qualys API
To configure a Qualys host detection API