Qualys Web Application Scanning (WAS) Integration

Archer integrates to Qualys Web Application Scanning (WAS) through their API to extract vulnerability details, web app details, and web app scan results. The integration provides a clearer understanding of the data and vulnerability impacts to your broader Enterprise & Operational Risk Management program, allowing for prioritization on resolution based on impacts.

Archer Exchange: With the Archer Exchange, the Archer team has created a broad selection of supplemental, value-added offerings to help you get your unique risk management program on the right path, right from the start. You can leverage the Archer Exchange offerings to expand the use of Archer solutions into new business processes and address specific industry, geographic, regulatory, or technical requirements.

To learn more, see Qualys Web Application Scanning (WAS) Integration on the Archer Exchange.

On this page

Release notes

Version Release Date Notes

Archer 2025.04

September 2025

The JavaScript Transporter in Data Feed Manager has been updated to use Fetch instead of Request. Fetch is a modern JavaScript API for making HTTP requests, offering a simpler and more powerful alternative to the older Request library.

For more information, see the following blog post: Data Feed Manager JavaScript Transporter Scripts Require Update.

Archer 2025.04

July 2025

Initial Version

Key features and benefits

The integration between Qualys Web Application Scanning (WAS) and Archer’s IT Security Vulnerabilities Program (ITSVP) enables organizations to centralize and manage web application vulnerabilities within their broader enterprise risk management framework.

  • The integration utilizes a JavaScript-based transport data feed, allowing for efficient and flexible data ingestion.
  • This is a unidirectional integration, with data flowing from Qualys WAS into Archer.
  • Data feeds can be scheduled to run as frequently as daily, ensuring near real-time visibility into application vulnerabilities.
  • The integration brings in both application-level data (App Scan Applications) and vulnerability findings (App Scan Results) into purpose built Archer applications.
  • The ITSVP dashboards have been enhanced to include application scanning data, providing a unified view of infrastructure and application-level vulnerabilities.
  • The integration allows organizations to map web application vulnerabilities to enterprise applications within Archer, enabling a more holistic view of risk.
  • By consolidating vulnerability data in Archer, organizations can prioritize remediation efforts and track risk mitigation and exceptions more effectively.

Prerequisites (ODA and system requirements)

The following table lists the components and prerequisites for the Qualys Web Application Scanning (WAS) integration.

Components

Prerequisites

Archer Solution Area(s)

IT Security & Risk Management

Archer Use Case(s)

Archer IT Security Vulnerabilities Program

Archer Applications

App Scan Applications, App Scan Results

Uses Custom Objects

No

Requires Archer On-Demand License

Zero (0) Archer On-Demand Application (ODA) licenses are required for this offering.

Archer Platform Requirements

Archer Platform Release 2025.04 and later

Supported Archer Environments

  • On-Premise

  • SaaS

Partner/Vendor Requirements

Valid Qualys license is required. Additional fees may apply.

Related applications

The following table lists the related applications for Qualys Web Application Scanning (WAS) integration.

Application

Use Case

Primary Purposes of the Relationship

App Scan Applications

IT Security Vulnerabilities Program

The App Scan Applications application maps the application that was scanned by the vulnerability scanner to the Applications application provided in the Enterprise Catalog. This also links all App Scan Results found on a given application. Not all App Scan Application records will be mapped to the Enterprise Catalog. This is at the discretion of the client.

App Scan Results

IT Security Vulnerabilities Program

The App Scan Results application stores the issues that result from every new record that is created from the vulnerability scanner such as App Name, URL, owner, department, description, notes, recommendations, and much more. These records contain the technical recommendation for each scan result and allow for reporting on the total number of issues, regardless of which system detects it.

Vulnerability Library

IT Security Vulnerability Program

The Vulnerability Library application represents a catalog of vulnerability data collected from Archer Exchange integration offerings. The Vulnerability Library is updated each week or month by data feeds depending on the source. The library includes data points such as:

  • Vulnerability publication date
  • Title
  • Consequence
  • Recommended solution
  • Severity
  • CVSS scoring

Records can be linked to affected devices, vulnerability or App scan results, and malicious code found to exploit the vulnerability. The Vulnerability Library also provides a method for generating exception requests, identifying mitigating strategies, and denoting affected ports.

By tying vulnerabilities to assets, you can properly analyze, prioritize, and respond proactively to address the threat for vulnerable assets. The Vulnerability Library provides the ability to:

  • Automatically import data from Archer Exchange integration offerings.
  • Notify appropriate personnel automatically when new vulnerabilities are identified.
  • Research potential threats and produce real-time reports that aid in the creation of action plans.

Additional Resources

The following additional resources are available for this offering:

Qualys Web Application Scanning (WAS) integration components

Architecture diagram

The following diagram shows the relationships between the applications that make up Qualys Web Application Scanning (WAS) integration.

Architecture diagram

Process diagram

The following diagram shows the general workflow of the application.

IT Security Vulnerabilities Program workflow

Setting up the Qualys Web Application Scanning (WAS) integration

The information in this publication is provided "as is". Archer makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Client is solely responsible for ensuring that the installation of the application is performed in a secure manner. Archer recommends clients perform a full security evaluation prior to implementation.The information in this publication is provided "as is". Archer makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Client is solely responsible for ensuring that the installation of the application is performed in a secure manner. Archer recommends clients perform a full security evaluation prior to implementation.

Setting up the integration data feeds

This section provides instructions for configuring the Qualys Web Application Scanning integration data feeds in the Archer Platform. This document is not intended to suggest optimum installations or configurations. 

It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products to install the required components.

The Archer IT Security Vulnerability Program use case must be installed and working prior to the integration. Perform the necessary tests to confirm that this is true before proceeding. 

The integration described in this guide is being provided as a reference implementation for evaluation and testing purposes.  It may or may not meet the needs and use cases for your organization.  If additional customizations or enhancements are needed, it is recommended that customers contact Archer Professional Services for assistance.

Included data feeds

The following data feeds are provided with this integration.

Data Feed

Description     

Archer Qualys Knowledge Base

This is a JavaScript Transporter feed that utilizes API calls to extract all exploitable vulnerabilities from a Qualys vulnerability database. Qualys data is imported and leveraged in the Vulnerability Library application. 

Archer Qualys WAS Applications

This data feed retrieves the full list of applications being scanned by Qualys WAS. These applications will be stored in the App Scan Apps Archer application.

Archer Qualys WAS Findings

This data feed retrieves the findings for each application being scanned by Qualys. These results are stored in the App Scan Results application and are cross referenced to the App Scan Apps.

Data feed import sequence

Import and run the data feeds in the following order:

  1. Archer Qualys Knowledge Base

  2. Archer Qualys WAS Applications

  3. Archer Qualys WAS Findings

Configure JavaScript Transporter Settings

Before you upload a JavaScript file, you must configure JavaScript Transporter settings in the Archer Control Panel.

  1. Open the Archer Control Panel.

  2. Go to Instance Management > All Instances.

  3. Select an instance.

  4. On the General tab, go to the JavaScript Transporter section.

  5. In the Max Memory Limit field, set the value to 2048 MB (2 GB).

  6. In the Script Timeout field, set the value to 120 minutes (2 hours).

  7. Require Signature is active by default on install. Signed Certificate Thumbprints are required for all Hosted clients.

    1. In the Signing Certificate Thumbprints section, add a thumbprint for each digitally signed JavaScript file.

      1. In the Signing Certificate Thumbprints section, double-click an empty cell.

      2. Enter the digital thumbprint of the trusted certificate used to sign the JavaScript file.

        Note: For more information on how to obtain digital thumbprints, see "Digital Thumbprints" below.

        Important: If you enable Require Signature and do not specify thumbprints, JavaScript files will not be accepted by the system.

  8. On the toolbar, click Save.

When running JavaScript data feeds, you can set the system to only allow digitally signed JavaScript files from trusted sources for security considerations.

For a certificate to be trusted, all certificates in the chain, including the Root CA Certificate and Intermediate CA certificates, must be trusted on both the Web Server and Services Server machines.

By default, the Archer Technology LLC certificate is not present on every machine’s root.

  1. On the JavaScript file, right-click and select Properties.

    1. Click the Digital Signatures tab.

    2. From the Signature List window, select Archer Technologies LLC.

    3. Click the Details button.

    4. Click View Certificate.

    5. Click Install Certificate.

    6. Select Local Machine.

    7. Click Next.

    8. Select Place all certificates in the following store, and click Browse.

      1. Select Trusted Root Certification Authorities, and click OK.

      2. Click Next.

      3. Click Finish.

  2. Click OK.

  1. On the Web Server and Services Server machines, open the Manage User Certificates program.

    1. From the Windows Start menu, launch certmgr. (Manage User Certificates).

    2. Navigate to Certificates – Local Computer > Trusted Root Certification Authorities > Certificates.

    3. Ensure the following certificates are in the Certificates sub-folder of the Trust Root Certification Authorities folder:

      • Archer Technologies LLC.

      • Archer Security 2048 V3 (Standard certificate).

  2. Verify that the certificate is trusted.

    1. Double-click the Archer Technologies LLC certificate.

    2. In the Certificate window, click the Certification Path tab.

    3. Ensure that the Certificate Status window displays the following message: “This certificate is OK.”

      Note: If the Certificate Status window displays a different message, follow the onscreen instructions.

  3. Obtain the trusted certificate thumbprint.

    1. In the Certificate window, click the Details tab.

    2. Scroll to and select the Thumbprint field.

      The certificate's digital thumbprint appears in the window.

    3. Copy the thumbprint.

      Note: For information on adding digital thumbprints, see Step 7a of "Configuring the JavaScript Transporter Settings".

The integration leverages the API (/api/2.0/fo/knowledge_base/vuln/?action=list) to obtain vulnerability data, such as the vulnerability description, threat, and impact. The feed initiates the request to download the vulnerabilities from Qualys’ Knowledge Base by targeting the Qualys platform where your account is located, along with the availability to pass additional API parameters.

Important: Before you upload a JavaScript file, configure JavaScript Transporter settings in the Archer Control Panel. For more information, see Configure the JavaScript Transporter Settings.

Important: Except for the optional parameters specified in this procedure, changes to the JavaScript Transporter configuration file can only be achieved in a hosted environment with a Professional Services engagement. For more information, contact your account representative.

Important: Due to high volume of Knowledge Base content, the data feed will retrieve the content for the last 10 years only. For the initial base load of data, the data feed should be executed with the last_modified_after parameter set to <LastRunTime> (default setting) and the Last Run Time at the Run Configuration setting should be blank. On subsequent data feed executions since the Last Run Time token will be populated by after the initial data feed execution, the data feed will update incremental content.

Due to inconsistent high volume of data, the data feed should be executed with the following parameter values. 

  1. requestsPerMin = 5 for Qualys Standard Level Subscription(default), 12 for Enterprise Level Subscription and 33 for premium level subscription.

  2. last_modified_after = The default value is <LastRunTime> token. The first run of the data feed will be for initial data population as the token is empty. For subsequent runs, the data feed will take the Last Run Token value and update the incremental data. In case of specific requirements, provide the value of the required date in YYYY-MM-DD format.

  3. last_modified_before= The default value of the parameter is Current Date. In case of specific requirements, provide the value of the required date in YYYY-MM-DD format.

  4. daysToBeIncremented= The default value has been set to 45 days. The maximum value that can be set is 50 days.

  5. The Max Memory Limit (MB) in the JavaScript Transporter settings of Archer Control Panel was increased to 2048 MB (default 1024 MB).

The data feed executed successfully during the testing with the above set of parameters. In case the script fails due to high volume of data, apply the following configurations and execute the data feed again.

  • Decrease the `daysToBeIncremented` parameter values.

  • Increase the Max Memory Limit (MB) in the JavaScript Transporter settings of Archer Control Panel

Important: No truncation_limit is available for Knowledge Base data. Ultimately without the availability of a truncation_limit, we are unable to fully leverage our output writer and therefore not able to write portions of the data to file. We are storing the entirety of the data in memory which requires a temporary increase in the Max Memory Limit in the Archer Control Panel. The data feed will pull data for the last 10 years only. This limit has been set due to high volume of data.

To facilitate a successful initial load of the knowledge base, we suggest using the 'last_modified_after' and 'last_modified_before' parameters to limit the data loaded. We would suggest loading the knowledge base from oldest to newest.

  1. last_modified_after = 2000-01-01 and last_modified_before = 2010-12-31

  2. last_modified_after = 2010-01-01 and last_modified_before = 2020-12-31

  3. last_modified_after = 2020-01-01 and last_modified_before = 2024-12-31

The nearer the current date, the larger the volume of data being modified. Adjust accordingly until current date is reached. after, this initial load, you can run the data feed using the LastRunTime token value and run the data feed as the start of the series of feeds.

To Import the data feed, follow these steps.

  1. Go to the Manage Data Feeds page with the following steps:

    1. From the menu bar, click the icon.

    2. Under Integration, click Data Feeds.

  2. In the Manage Data Feeds section, click Import.

  3. Locate and select the Archer Qualys VM Knowledge Base.dfx5 file.

  4. Click Open.

  5. In the General Information section, in the Status field, select Active.

  6. In the Additional Properties section, enable Optimize Calculations.

  7. Click the Transport tab.

  8. In the Transport Configuration section, complete the following:

    1. Click Upload.

    2. From the Upload JavaScript File dialog, click Add New.

    3. Locate and select the signed-QualysAPI_V1_0_8.js file and click Open.

    4. From the Upload JavaScript File dialog, click OK.

  9. In the Custom Parameters section, enter key values.

  10. The following table describes the value to enter for each key in Custom Parameters.

    Key 

    Value 

    Description 

    dataSource 

    kb

    Must be 'kb' to pull knowledge base

    kbUrl

    https://<Insert platform API Server>
    /api/2.0/fo/knowledge_base/vuln/
    ?action=list&details=All
    &last_modified_after=<LastRunTime>

    Note: For a complete list of supported parameters for this URL call and their explanations, see the Qualys API 2.0 Reference Guide (https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf). For initial data loads, Archer recommends using parameters that chunk the data into consumable sizes to avoid memory constraint failures.

    LastRunTime is a token captured in by Archer in the data feed execution. 
    Logic:

    • Use LastRunTime token if valid date supplied, and if requested in the kbURL.

    • If the LastRunTime token is not supplied but requested in the kbURL, default LastRunTime = 1970-01-10.

    A lastRunTimeOffset of -1 is added to the LastRunTime date in the form of days.

    username 

    Requires valid value.

    Default = [empty] 

    Qualys user name

    password 

    Requires valid value.

    Default = [empty] 

    Qualys password

    requestsPerMin

    Requires valid value.

    Default=60

    Follow the Qualys API Limits document for determining the API limits for your Qualys Service.

    https://cdn2.qualys.com/docs/qualys-api-limits.pdf

    Standard API Service: 300 calls per hours/ 5 calls per minute

    Enterprise API Service: 750 calls per Hour/12 calls per minute

    Premium API Service: 2000 calls per Hour/ 33 calls per minute

    Note: The API limit of the data feed by default has been set to 5. Please check your Qualys Service Level before setting the value. This field should not be left blank.

    last_modified_after

    Optional

    Default= Current Date-10 years

    Format= YYYY-MM-DD

    This parameter has been set to <LastRunTime> by default. For the first run of the data feed, as the LastRunTime token is empty this parameter will be set to Current Day-10 years.

    For the subsequent data feed runs, the field will take the <LastRunTime> token and update the incremental data.

    last_modified_before

    Optional

    Default = Current Date 

    Format=YYYY-MM-DD

    The parameter if blank will be set to current date. Utilized to further limit data being pulled.

    daysToBeIncremented

    Requires valid value.

    Default =50

    The default value for the Data Feed has been set to 45 days. Due to the high volume of data, the parameter if required can be decreased.

    lastRunTimeOffset

    -1

    This value subtracts 1 from the lastruntime token to ensure that updates that may have occurred past the time the data feed ran last but within the same day.

    Important: The keys and values are case-sensitive and cannot include extra spaces at the end of the strings.

    Note: The listed values are in place by default. They can be configured to suit your environment.

  11. The following additional parameters are valid options for the Custom Parameters section for the current JavaScript file.

    Key  

    Value  

    Description 

    requestsPerMin

    Default = 60

    [Configurable value]  

    A parameter to allow clients to govern the number of API requests made by Archer to the external integration.

    Qualys Cloud Platform enforces limits on the API calls subscription users can make. The limits apply to the use of all APIs, except “session” API (session login/logout).

    socketLimit

    Default = 10

    [Configurable value of 1-25]      

    Indicates the maximum number of open socket channels to an endpoint to be used for TCP connections.

    maxRetry

    Default = 1

    [Configurable value of 0-2] 

    Indicates the number of times a retry will occur where an "ECONNRESET" error is encountered. If a retry is unsuccessful and the maxRetry is exceeded, the data feed will fail.

    proxy 

    Optional

    Default = [empty]  

     

    verifyCerts 

    Default = False 

    [Configurable value of True / False] 

    Validates the website address matches the address on the certificate, like browser level validation.

  12. For each key type, determine whether you want it to be Protected or Plain Text. Selecting Protected encrypts the key value for the specified key in the log.

  13. Click the Source Definition tab. Click the Tokens sub-tab, and verify token values.

  14. The following table describes token values to verify.

    Token

    Value

    LastRunTime

    (Populated by feed)

    Note: For more information about tokens, see "Data Feed Tokens" in the Archer Online Documentation.

  15. Verify that key field values are not missing from the data feed setup window.

  16. Click Save.

  17. Navigate to the Data Map tab and verify the following mapping between source and target fields.

  1. Go to the Manage Data Feeds page with the following steps:

    1. From the menu bar, click the icon.

    2. Under Integration, click Data Feeds.

  2. In the Manage Data Feeds section, click Import.

  3. Locate and select the Archer Qualys WAS Applications.dfx5 file.

  4. Click Open.

  5. In the General Information section, in the Status field, select Active.

  6. In the Additional Properties section, enable Optimize Calculations.

  7. Click the Transport tab.

  8. In the Transport Configuration section, complete the following:

    1. Click Upload.

    2. From the Upload JavaScript File dialog, click Add New.

    3. Locate and select the signed-qualysWASv1.js file and click Open.

    4. From the Upload JavaScript File dialog, click OK.

  9. In the Custom Parameters section, enter key values.

  10. The following table describes the value to enter for each key in Custom Parameters.

    Key Description Default Value Possible Values requestType (APPLICATIONS, FINDINGS, or BOTH)

    qualysUser

    		 The ID of the user that will be requesting data from the Qualys API. Null

    Various

    BOTH

    qualysPassword

    		 The password associated with the Qualys user ID. This key is configured as “protected” in the data feed, so the value will not be visible. Null

    Various

    BOTH
    qualysURL The base URL for qualys to make API calls. https://qualysapi.qualys.com

    N/A

    BOTH
    requestType

    Determines whether the script should retrieve Applications or Findings from Qualys. Valid value required.

    • When requestType = ‘findings’: Parameters webAppSummaryEndpoint and findingSummaryEndpoint are REQUIRED. This requestType allows the script to return a list of findings (vulnerabilities, sensitive contents, information gathered) found in web applications which are in the user’s scope.

    • When requestType = ‘applications’: Parameters webAppSummaryEndpoint, webAppDetailEndpoint, and scanDetailEndpoint are REQUIRED. This requestType returns details for a web application, along with the pertaining launchedDate which is in the user’s scope.

    Null - depends on the JST feed

    findings, applications

    • If value is empty/undefined and neither findings/applications, the script faults with Error “Check requestType. requestType must be findings or applications."

    N/A

    webAppSummaryEndpoint

    REQUIRED for both requestType = ‘findings’ and requestType = ‘applications’. qualys’s [POST] API endpoint is used for obtaining a summary list of web applications which are in the user’s scope.

    The count (number) of Web Application Summary records and hasMoreRecords check of true/false are collected. Pagination filtering in the request body involved based off a already processed web app’s id when count is 100, and hasMoreRecords is set true to prevent duplication of web applications.

    Example: https://qualysapi.qualys.com/qps/rest/3.0/search/was/webapp

    /qps/rest/3.0/search/was/webapp

    N/A

    BOTH

    webAppDetailEndpoint

    REQUIRED when requestType = ‘applications’. qualys’s [GET] API endpoint returns details for a web application which is in the user’s scope.

    The feed leverages the webAppDetailEndpoint URL with each <id> (webApp id grabbed from webAppSummaryEndpoint) to return the details of its web application. Example: https://qualysapi.qualys.com/qps/rest/3.0/get/was/webapp/<id>

    		 /qps/rest/3.0/get/was/webapp

    N/A

    Applications

    scanDetailEndpoint

    REQUIRED when requestType = ‘applications’. qualys’s [POST] API endpoint returns a list of scans on web applications which are in the user’s scope.

    The scanDetailEndpoint identifies the “launchedDate” that exists (identified by the lastScanId grabbed from webAppDetailEndpoint) by leveraging/filtering the lastScanId in the APIs request body, and adds the retrieved launchedDate to the returned scan response list for each Web Application.

    Example: https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscan

    		 /qps/rest/3.0/search/was/wasscan

    N/A

    Applications

    timeout

    		 Time period (seconds-based time value) between a request sent and data response from qualys’s APIs. 60000 (1 minute)

    Various

    • Increase value to allow longer time period for qualys API to process & respond.

    • Decrease value to limit time period for qualys API to process & respond.

    BOTH

    retryDelay

    		 Used in conjunction with maxRetries, this value sets the time interval the script should wait between attempts to retry failed operations. The value is specified in milliseconds. 5000 milliseconds (5 seconds)

    Various (milliseconds time-based)

    Example values:

    • 10000 (10 seconds)

    • 60000 (1 Minute)

    BOTH

    maxRetries

    When an exception occurs, this value indicates the number of times the script should retry the request made to a API endpoint before allowing the feed to fault. If this key is not defined, any exception that is encountered will cause the feed to fault.

    5

    Various

    • Increase value to allow more retry requests sent to a API that has errored/faulted.

    • Decrease value to limit amount of retry requests sent to a API that has errored/faulted.

    BOTH

    proxy

    Provides the address of the proxy server. This is required for data feeds in SaaS.

    Null

    Various

     

    Important: The keys and values are case-sensitive and cannot include extra spaces at the end of the strings.

    Note: The listed values are in place by default. They can be configured to suit your environment.

  11. For each key type, determine whether you want it to be Protected or Plain Text. Selecting Protected encrypts the key value for the specified key in the log.

  12. Click the Source Definition tab. Click the Tokens sub-tab, and verify token values.

  13. The following table describes token values to verify.

    Token

    Value

    LastRunTime

    (Populated by feed)

    Note: For more information about tokens, see "Data Feed Tokens" in the Archer Online Documentation.

  14. Verify that key field values are not missing from the data feed setup window.

  15. Click Save.

  16. Navigate to the Data Map tab and verify the following mapping between source and target fields.

  17. Source Field

    Target Field

    /Record/DFMKey_EnterpriseApplication

    Enterprise_Application

    /Record/id

    Web_Application_ID

    /Record/url

    URL

    /Record/riskScore

    Qualys_TruRisk_Score

    /Record/os

    Operating_System

    /Record/owners/owner/owner_username

    Username_Owner

    /Record/owners/owner/owner_id

    ID_Owner

    /Record/owners/owner/owner_Name

    Name_Owner

    /Record/scope

    Scope

    /Record/subDomains

    Subdomains

    /Record/scannerLocked

    Scanner_Locked

    /Record/progressiveScanning

    Progressive_Scanning

    /Record/useRobots

    Use_Robots

    /Record/uris/uris_count

    Count_of_URIs

    /Record/uris/uris_list

    URIs

    /Record/domains/domain_list

    Domains

    /Record/domains/domain_count

    Count_of_Domains

    /Record/attributes/attributes_count

    Count_of_Attributes

    /Record/defaultProfile/defaultProfile_id

    Default_Profile_ID

    /Record/defaultProfile/defaultProfile_name

    Default_Profile_Name

    /Record/defaultScannerTags/defaultScannerTags_count

    Count_of_Default_Scanner_Tags

    /Record/defaultScannerTags_Match/defaultScannerTag

    Default_Scanner_Tags

    /Record/urlAllowlists/urlAllowlist_count

    Count_of_Allow_List

    /Record/urlExcludelists/urlExcludelist_count

    Count_of_Exclude_List

    /Record/urlExcludelists/urlExcludelist_list

    Exclude_List

    /Record/urlAllowlists/urlAllowlist

    Allow_List

    /Record/postDataExcludelists/postDataExcludelist

    POST_data_exclude_List

    /Record/postDataExcludelists/postDataExcludelist_count

    Count_of_POST_data_exclude_List

    /Record/logoutRegexLists/logoutRegexList_count

    Count_of_Logout_Regular_Expressions

    /Record/logoutRegexLists/logoutRegexList

    Logout_Regular_Expressions

    /Record/authRecords/authRecords_list

    Web_App_Authentications

    /Record/dnsOverrides/DnsOverride_list

    DNS_Overrides

    /Record/headers/WebAppHeader_list

    Headers

    /Record/name

    Web_Application_Name

    /Record/attributes/attributes_list

    Attributes

  1. Go to the Manage Data Feeds page with the following steps:

    1. From the menu bar, click the icon.

    2. Under Integration, click Data Feeds.

  2. In the Manage Data Feeds section, click Import.

  3. Locate and select the Archer Qualys WAS Findings.dfx5 file.

  4. Click Open.

  5. In the General Information section, in the Status field, select Active.

  6. In the Additional Properties section, enable Optimize Calculations.

  7. Click the Transport tab.

  8. In the Transport Configuration section, complete the following:

    1. Click Upload.

    2. From the Upload JavaScript File dialog, click Add New.

    3. Locate and select the signed-qualysWASv1.js file and click Open.

    4. From the Upload JavaScript File dialog, click OK.

  9. In the Custom Parameters section, enter key values.

  10. The following table describes the value to enter for each key in Custom Parameters.

    Key Description

    Default Value

    		 Possible Values requestType (APPLICATIONS, FINDINGS, or BOTH)

    qualysUser

    		 The ID of the user that will be requesting data from the Qualys API. Null

    Various

    BOTH

    qualysPassword

    		 The password associated with the Qualys user ID. This key is configured as “protected” in the data feed, so the value will not be visible. Null

    Various

    BOTH
    qualysURL The base URL for qualys to make API calls. https://qualysapi.qualys.com

    N/A

    BOTH
    requestType

    Determines whether the script should retrieve Applications or Findings from Qualys. Valid value required.

    • When requestType = ‘findings’: Parameters webAppSummaryEndpoint and findingSummaryEndpoint are REQUIRED. This requestType allows the script to return a list of findings (vulnerabilities, sensitive contents, information gathered) found in web applications which are in the user’s scope.

    • When requestType = ‘applications’: Parameters webAppSummaryEndpoint, webAppDetailEndpoint, and scanDetailEndpoint are REQUIRED. This requestType returns details for a web application, along with the pertaining launchedDate which is in the user’s scope.

    Null - depends on the JST feed

    findings, applications

    • If value is empty/undefined and neither findings/applications, the script faults with Error “Check requestType. requestType must be findings or applications."

    N/A

    webAppSummaryEndpoint

    REQUIRED for both requestType = ‘findings’ and requestType = ‘applications’. qualys’s [POST] API endpoint is used for obtaining a summary list of web applications which are in the user’s scope.

    The count (number) of Web Application Summary records and hasMoreRecords check of true/false are collected. Pagination filtering in the request body involved based off a already processed web app’s id when count is 100, and hasMoreRecords is set true to prevent duplication of web applications.

    Example: https://qualysapi.qualys.com/qps/rest/3.0/search/was/webapp

    /qps/rest/3.0/search/was/webapp

    N/A

    BOTH

    findingSummaryEndpoint

    REQUIRED when requestType = ‘findings’. qualys’s [POST] API endpoint returns a list of findings (vulnerabilities, sensitive contents, information gathered) found in web applications which are in the user’s scope.

    This endpoint entails 3 criteria filters in its request body to the API. The first filters by the webApp.id (id grabbed from webAppSummaryEndpoint) to collect every finding summary within a web application. The second applies a date-based filter that filters by the lastTestedDate offset (if exists), to fetch all results tested after the calculated lastTestedDate. The third adds a pagination filter that filters by the lastId (latest id of a web application already processed) for pagination purposes and to prevent duplication of web app data.

    Example:

    https://qualysapi.qualys.com/qps/rest/3.0/search/was/finding

    /qps/rest/3.0/search/was/finding

    N/A

    FINDINGS

    timeout

    		 Time period (seconds-based time value) between a request sent and data response from qualys’s APIs. 60000 (1 minute)

    Various

    • Increase value to allow longer time period for qualys API to process & respond.

    • Decrease value to limit time period for qualys API to process & respond.

    BOTH

    retryDelay

    		 Used in conjunction with maxRetries, this value sets the time interval the script should wait between attempts to retry failed operations. The value is specified in milliseconds. 5000 milliseconds (5 seconds)

    Various (milliseconds time-based)

    Example values:

    • 10000 (10 seconds)

    • 60000 (1 Minute)

    BOTH

    maxRetries

    When an exception occurs, this value indicates the number of times the script should retry the request made to a API endpoint before allowing the feed to fault. If this key is not defined, any exception that is encountered will cause the feed to fault.

    5

    Various

    • Increase value to allow more retry requests sent to a API that has errored/faulted.

    • Decrease value to limit amount of retry requests sent to a API that has errored/faulted.

    BOTH

    proxy

    Provides the address of the proxy server. This is required for data feeds in SaaS.

    Null

    Various

     

    lastTestedDate

    Used when requestType = ‘findings’. When defined, this parameter is utilized in the findingSummaryEndpoint request body criteria filter, to fetch results that have been tested after the calculated lastTestedDate. If lastTestedDate is not defined, the lastTestedDate offset filter will be ignored as a filter criteria.

    This parameter is defined by the LastRunTime + lastRunTimeOffsetDays parameters. lastRunTimeOffsetDays is REQUIRED for this parameter.

    Null

    Various

    • if <LastRunTime>, its value is set to LastRunTime + lastRunTimeOffsetDays

    • if empty/undefined, its value is ignored - will not be used in findingSummaryEndpoint criteria filter.

    • if defined and neither above cases, its value is set to lastTestedDate value + lastRunTimeOffsetDays

    FINDINGS

    lastRuntimeOffsetDays

    REQUIRED and used when requestType = ‘findings’.

    This parameter determines the number of days to subtract (or add) from the LastRunTime that defines the lastTestedDate parameter that is called as a filter to the findingsSummaryEndpoint.

    This lastTestedDate offset filter for findingSummaryEndpoint is only utilized when lastTestedDate parameter is defined.

    -2

    Various

    • If value is positive, days will be added to the LastRunTime (/or already defined lastTestedDate) date.

    • If value is negative, days will be subtracted from the LastRunTime (/or already defined lastTestedDate) date.

    • If value is 0, LastRunTime (/or already defined lastTestedDate) date will not be altered.

    • Cannot be undefined/empty, the script will fault.

    FINDINGS

    Important: The keys and values are case-sensitive and cannot include extra spaces at the end of the strings.

    Note: The listed values are in place by default. They can be configured to suit your environment.

  11. For each key type, determine whether you want it to be Protected or Plain Text. Selecting Protected encrypts the key value for the specified key in the log.

  12. Click the Source Definition tab. Click the Tokens sub-tab, and verify token values.

  13. The following table describes token values to verify.

    Token

    Value

    LastRunTime

    (Populated by feed)

    Note: For more information about tokens, see "Data Feed Tokens" in the Archer Online Documentation.

  14. Verify that key field values are not missing from the data feed setup window.

  15. Click Save.

  16. Navigate to the Data Map tab and verify the following mapping between source and target fields.

A data feed must be active and valid to successfully run. A successful data feed run processes all input data, completes all expected record updates, and does not report any failures in the Run Details Report.

Validating a data feed

The Data Feed Manager validates the information when a data feed is scheduled. If any information is invalid, the data feed displays an error message. You can save the data feed and correct the errors later, but the data feed does not process until you make corrections.

Running a data feed

You can set up data feeds to run automatically at regular intervals. This reduces the time and effort required to import data from an external file.

You can initiate data feeds at various times and configure them to run in regular increments for an indefinite period of time.

You can run the data feed immediately.

To prevent excess server load, schedule data feeds on a staggered basis. Archer recommends scheduling a maximum of 10 data feeds to run at a time.

Setting up a reference data feed

A reference feed allows you to specify another feed. This indicates to the Data Feed Service that this feed will start running as soon as the referenced feed completes successfully.

  1. Go to the Run Configuration tab > Schedule section.

  2. Do one of the following to schedule your data feed.

    • Run on Schedule. You can configure your data feed to run on a defined schedule.

    • Run After. The Data Feed Services starts the current data feed after the referenced data feed completes successfully.

    • Run Now.

  3. Save the feed.

Certification environment

Date Tested: September 2025

Product Name

Release Information

Operating System

Archer

2025.04

Virtual Appliance