Qualys Asset Discovery

Qualys is a cloud-based solution for IT, security, and compliance. The Qualys Cloud Platform provides a complete, real-time inventory of IT assets, continuous assessment of security and compliance posture, and identification of vulnerabilities and compromised assets. Qualys helps to automatically patch and quarantine assets while consolidating security and compliance stacks to reduce spend.

With the Qualys Asset Discovery integration, organizations can document the devices discovered on the network and track them in the Devices application using one of the Archer use cases below. Qualys Asset Discovery enables organizations to leverage the discovered devices and catalog those network devices within Archer.

Release notes

| Release Version | Published Date | Notes |
|---|---|---|
| Archer 6.14 | June 2024 | Re-Signed JavaScript file. |
| Archer 6.14 | January 2024 | Pagination logic has been implemented for Qualys VM Knowledge Base data feed and data will be retrieved incrementally based on the “last modified before” and “last modified after” parameters. |
| Archer 6.14 | October 2023 | Data Field Mapping has been added for all the data feeds. |
| Archer 6.13 | August 2023 | Offering updates to accommodate the CPE input decoding logic for escaped characters. The XSLT has been updated for the following data feeds: Archer 6.13 Qualys VM Hosts Extracted from Detections.dfx; Archer 6.13 Qualys VM Detections.dfx |
| Archer 6.12 | February 2023 | Archer 6.12 Qualys VM Knowledge Base Data Mapping update |
| Archer 6.7 | December 2021 | Re-signed JavaScript file |
| Archer 6.4 P1 | November 2019 | Initial Release |

Overview

Benefits

The Qualys Asset Discovery integration with Archer enables organizations to catalog network devices on a corporate network.

Requirements

Components

Requirement

Archer Solution

  • Audit Management

  • IT & Security Risk Management

  • Regulatory & Corporate Compliance Management

  • Third Party Management

Archer Use Case(s)

The following use cases can take advantage of the information provided by the Qualys integration:

  • Archer Audit Engagements & Workpapers

  • Archer Third Party Governance

  • Archer Business Continuity & Disaster Recovery Planning

  • Archer IT Controls Assurance

  • Archer IT Security Vulnerability Program

  • Archer IT Risk Management

  • Archer Cyber Incident & Breach Response

  • Archer PCI Management

  • Archer Information Security Management System (ISMS)

  • Archer Data Governance

Archer Applications

Leverages the Devices application

Uses Custom Application

No

Required On-Demand License

No

Archer Requirements

See Archer Qualys Vulnerability Management Integration for version details

Qualys Requirements

Valid Qualys license is required

Integration diagram

The following diagram provides an overview of the interaction between Qualys and the Archer Qualys integration offering.

Configure Qualys host

Configure the data feed

The Qualys Hosts data feed is a JavaScript transporter data feed that retrieves device related data from the Qualys URL and creates and updates the records in the Archer Devices application.

The data feed must be configured. After setting up the data feed, you can schedule it to run as needed per your organization’s requirements. For more information on scheduling the data feed, see the Scheduling Data Feed section.

Configure the JavaScript Transporter settings

Before you upload a JavaScript file, you must configure JavaScript Transporter settings in the Archer Control Panel (ACP).

  1. On the General tab, go to the JavaScript Transporter section.

    1. Open the Archer Control Panel.

    2. Go to Instance Management and select All Instances.

    3. Select the instance you want to use.

    4. On the General tab, go to the JavaScript Transporter section.

  2. In the Max Memory Limit field, set the value to 2048 MB (2 GB).

  3. In the Script Timeout field, set the value to 120 minutes (2 hours).

  4. (Optional) If you want to allow only digitally signed JavaScript files in the data feed, enable Require Signature.

    1. In the JavaScript Transporter Settings section, select the checkbox Require Signature. A new empty cell appears in the Signing Certificate Thumbprints section.

    2. In the Signing Certificate Thumbprints section, double-click an empty cell.

    3. Enter the digital thumbprint of the trusted certificate used to sign the JavaScript file.

      For information on how to obtain digital thumbprints, see Obtaining Digital Thumbprints.

      If you enable Require Signature and specify no thumbprints, no JavaScript files will be accepted by the system.

    4. (Optional) If you want to add additional thumbprint sources, repeat steps 4b-4c for each thumbprint.

  5. On the toolbar, click Save.

Obtaining Digital Thumbprints

When running a JavaScript data feed, you can, as a security measure, set the Archer instance to allow only digitally signed JavaScript files from trusted sources.

For a certificate to be trusted, all the certificates in the chain, including the Root CA certificate and Intermediate CA certificates, must be trusted on both the Web Server and Services Server machines.

Archer Technologies LLC Certificate in the Trusted Root CA Store

The Archer Technologies LLC certificate is not present in every machine’s Trusted Root store by default.

  1. On the JavaScript file, right-click and select Properties.

    1. Click the Digital Signatures tab.

    2. From the Signature List window, select Archer Technologies LLC.

    3. Click the Details button.

    4. Click View Certificate.

    5. Click Install Certificate.

    6. Select Local Machine.

    7. Click Next.

    8. Select Place all certificates in the following store and click Browse.

      1. Select Trusted Root Certification Authorities and click OK.

      2. Click Next.

      3. Click Finish.

  2. Upon successful import, click OK.

Archer Technologies LLC Certificate in the Trusted Root CA Store

  1. In the Archer Control Panel environment, open the Manage Computer Certificates program.

    1. Click Start.

    2. Type:  certificate

    3. From the search results, click Manage Computer Certificates.

  2. Ensure that your trusted source certificates are in the Certificates subfolder of the Trusted Root Certification Authorities folder.

  3. In the Certificates subfolder, double-click the Archer Technologies LLC certificate that contains the thumbprint you want to obtain.

  4. Verify that the certificate is trusted.

    1. In the Certificate window, click the Certification Path tab.

    2. Ensure that the Certificate Status window displays the following message:

      This certificate is OK.

      If the Certificate Status window displays something different, follow the on-screen instructions.

  5. Obtain the trusted certificate thumbprint.

    1. In the Certificate window, click the Details tab.

    2. Select the Thumbprint field.

      The certificate's digital thumbprint appears in the window.
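A scripted version of the thumbprint lookup above, added here as an example and not taken from Archer's documentation or tooling: it reads the Authenticode signature of the transporter file named in the download section, prints the signer thumbprint and the certificate chain as this machine builds it, and compares the thumbprint with the ones you configured. The default file path and the `$ConfiguredThumbprints` parameter are assumptions.

```powershell
# Added example (not Archer's code). Run it on both the Web Server and the
# Services Server, because the chain must be trusted on each machine.
param(
    # Assumed location: point this at the file extracted from the integration package.
    [string]$ScriptPath = '.\signed-QualysAPI_V1_0_8.1.js',
    # Hypothetical input: thumbprints entered under Signing Certificate Thumbprints.
    [string[]]$ConfiguredThumbprints = @()
)

if (-not (Test-Path -LiteralPath $ScriptPath)) {
    throw "File not found: $ScriptPath"
}

$sig = Get-AuthenticodeSignature -FilePath $ScriptPath
if ($sig.Status -eq 'NotSigned' -or -not $sig.SignerCertificate) {
    throw "No Authenticode signature found on $ScriptPath."
}
# HashMismatch means the file content changed after it was signed.
if ($sig.Status -eq 'HashMismatch') {
    throw 'File content does not match its signature; do not upload it.'
}

$signer = $sig.SignerCertificate
"Signature status : $($sig.Status) ($($sig.StatusMessage))"
"Signer subject   : $($signer.Subject)"
"Signer thumbprint: $($signer.Thumbprint)"
"Valid until      : $($signer.NotAfter)"

# Build the chain with this machine's certificate stores and list every element.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chainOk = $chain.Build($signer)
foreach ($element in $chain.ChainElements) {
    '  chain: {0}  [{1}]' -f $element.Certificate.Subject, $element.Certificate.Thumbprint
}
if (-not $chainOk) {
    foreach ($status in $chain.ChainStatus) {
        "  chain problem: $($status.Status) $($status.StatusInformation.Trim())"
    }
}

# Compare with the configured list, ignoring case and any pasted spaces.
$normalized = @($ConfiguredThumbprints | ForEach-Object { ($_ -replace '\s', '').ToUpperInvariant() })
if ($normalized.Count -gt 0 -and $normalized -notcontains $signer.Thumbprint) {
    Write-Warning 'Signer thumbprint is not in the configured thumbprint list.'
}
```

A status other than Valid together with a "chain problem" line on one of the two servers points to a missing root or intermediate certificate on that machine.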

Download the Qualys Hosts data feed

The Qualys Hosts data feed can be downloaded from the Qualys Vulnerability Management Integration exchange page: https://www.archerirm.community/t5/exchange-overviews/qualys-vulnerability-management-integration/ta-p/573408

  1. Open the above Exchange page and click on the Integration Package.

  2. Download the zip file.

  3. Extract the zip file and copy the Archer 6.14 Qualys VM Hosts.dfx5 file.

  4. Copy the signed-QualysAPI_V1_0_8.1.js JavaScript file.

  5. Paste both of the files into the location from which they will be used in this integration.

See the Integration Package page for any package updates related to the Devices application. If you find that a new package is available, you must install it before configuring this data feed.

Set up the Qualys Hosts data feed

Important: Before you upload a JavaScript file, configure the JavaScript Transporter settings in the Archer Control Panel. For more information, see Configure the JavaScript Transporter Settings. Except for the optional parameters specified in this procedure, changes to the API files used in the JavaScript Transporter QualysAPI.js file can only be achieved in a hosted environment with a Professional Services engagement. For more information, contact your account representative.

  1. Go to the Manage Data Feeds page.

    1. From the menu bar, click .

    2. Under Integration, click Data Feeds.

  2. In the Manage Data Feeds section, click Import.

  3. Locate and select the Archer 6.14 Qualys VM Hosts.dfx5 file.

  4. Click Open.

  5. In the General Information section, in the Status field, select Active.

| Key | Value |
|---|---|
| Username | [Valid value] (Default = [empty]) |
| Password | [Valid value] (Default = [empty]) |
| dataSource | hosts https://-integ.axonius.com/ |
| hostsURL | https://[Insert Base URL]/api/2.0/fo/asset/host/?action=list&details=All&show_tags=1&vm_scan_since=<LastRunTime> |
| verifyCerts | false |

Note: For a complete list of supported parameters for the hostsURL call and their explanations, see the Qualys API 2.0 Reference Guide (https://www.qualys.com/docs/qualys-api-v2-user-guide.pdf). Archer recommends using parameters that chunk the data into consumable sizes to avoid memory constraints.

  1. Click the Transport tab.

  2. In the Transport Configuration section, do the following:

    1. Click Upload.

    2. From the Upload JavaScript File dialog, click Add New.

    3. Locate and select the ‘signed-QualysAPI_V1_0_8.1.js’ file.

    4. Click Open.

    5. From the Upload JavaScript File dialog, click OK.

  3. The listed values are in place by default. They can be configured to suit your environment.

    The keys and values are case-sensitive and cannot include extra spaces at the end of the strings.
    For each key type, determine whether you want it to be Protected or Plain Text. Selecting Protected encrypts the key value for the specified key in the log.

  4. In the Custom Parameters section, enter key values. 

  5. Click Save.

  6. Click the Source Definition tab.

    1. Click the Tokens subtab.

    2. Verify token values.

| Token | Value |
|---|---|
| BatchContentSave | 1000 |
| LastRunTime | (Populated by feed) |
| LastFileProcessed | (Populated by feed) |
| PreviousRunContext | (Populated by feed) |

For more information about tokens, see Data Feed Tokens in the Archer Online Documentation.

  1. Verify that key field values are not missing from the data feed setup window.

  2. Click Save.

Scheduling data feeds

When you schedule a data feed, the Data Feed Manager validates the information. If any information is invalid, an error message will display. You can save the data feed and correct the errors later, but that data feed is not processed until the errors are rectified.

Important: A data feed must be active and valid to successfully run.

  1. Go to the Schedule tab of the data feed that you want to modify.

    1. From the menu bar, click .

    2. Under Integration, click Data Feeds.

    3. Select the data feed that you want to modify.

    4. Click the Schedule tab.

  2. In the Recurrences section, enter the frequency, start and stop times, and time zone for the data feed.

  3. (Optional) In the Run Data Feed Now section, click Start to override the data feed schedule and run the data feed immediately. 

  4. Click Save.

The following table describes the fields in the Recurrences section.

Field

Description

Frequency

Specifies the interval in which the data feed runs.

  • By minute: Runs the data feed by the minute interval set. For example, if you specify 45 in the Every list, the data feed executes every 45 minutes.

  • Hourly: Runs the data feed by the hourly interval set. For example, every hour (1), every other hour (2), and so forth.

  • Daily: Runs the data feed by the daily interval set. For example, every day (1), every other day (2), and so forth.

  • Weekly: Runs the data feed based on a specified day of the week. For example, every Monday of the first week (1), every other Monday (2), and so forth.

  • Monthly: Runs the data feed based on a specified week of the month. For example, 1st, 2nd, 3rd, 4th, or last.

  • Reference: Runs the current data feed after a specified data feed. This option indicates to the Data Feed Service that this data feed starts as soon as the referenced data feed completes successfully. From the Reference Feed list, select the existing data feed after which the current data feed starts. A reference data feed will not run when immediately running a data feed. The Run Data Feed Now option only runs the current data feed.

Every

Specifies the interval of the frequency in which the data feed runs.

Start Time

Specifies the time the data feed begins running.

Start Date

Specifies the date on which the data feed schedule begins.

Time Zone

Specifies the time zone of the server that runs the data feed.

  1. Navigate to the Data Map tab and verify the following mapping of the Source and Target fields.

| Source Fields | Target Fields |
|---|---|
| DFMKey | Device Unique Key |
| DEVICE_NAME | Device Name |
| Source | Last Updated By |
| DeviceScanned | Device Scanned Flag |
| ID | Qualys Device ID |
| IP | Internal IPv4 Address |
| TRACKING_METHOD | Qualys Tracking Method |
| NETWORK_ID | Qualys Network ID |
| DNS | Primary DNS Server Name |
| EC2_INSTANCE_ID | EC2 Instance ID |
| NETBIOS | Network Name |
| OS | Operating System |
| QG_HOSTID | QualysGuard HostID |
| TAGS/TAG/TAG_ID | Tags(Sub-Form): Tags/Tag ID |
| TAGS/TAG/TAG_TITLE | Tags/Name |
| METADATA/ATTRIBUTE/DFMKey | EC2 Attributes(SubForm): EC2 Attributes/DFMKey |
| METADATA/ATTRIBUTE/TYPE | EC2 Attributes/Type |
| METADATA/ATTRIBUTE/NAME | EC2 Attributes/Name |
| METADATA/ATTRIBUTE/LAST_STATUS | EC2 Attributes/Last Status |
| METADATA/ATTRIBUTE/VALUE | EC2 Attributes/Value |
| METADATA/ATTRIBUTE/LAST_SUCCESS_DATE | EC2 Attributes/Last Success Date |
| METADATA/ATTRIBUTE/LAST_ERROR_DATE | EC2 Attributes/Last Error Date |
| METADATA/ATTRIBUTE/LAST_ERROR | EC2 Attributes/Last Error |
| LAST_VULN_SCAN_DATETIME | Last Scan Date Time |
| LAST_VM_SCANNED_DATE | Last Vulnerability Unauthenticated Scanned Date Time |
| LAST_VM_SCANNED_DURATION | Last Vulnerability Unauthenticated Scanned Duration |
| LAST_VM_AUTH_SCANNED_DATE | Last Vulnerability Authenticated Scanned Date Time |
| LAST_VM_AUTH_SCANNED_DURATION | Last Vulnerability Authenticated Scanned Duration |
| LAST_COMPLIANCE_SCAN_DATETIME | Last Compliance Scan Date Time |
| ASSET_GROUPS/ASSET_GROUP/ASSET_GROUP_NAME | Asset Group(s) |
| OWNER | Qualys Device Owner |
| COMMENTS | Comments |

  1. Test the data feed to ensure that all device details from Qualys were imported into the Devices application. If testing fails, try verifying the data feed and re-run the data feed. If you experience multiple failures, contact your Archer Partner.

Certification environment

Date Tested: June 2024

| Product Name | Version Information | Operating System |
|---|---|---|
| Archer Suite | 6.14 | Virtual Appliance |
| Qualys | NA | NA |