> ## Documentation Index
> Fetch the complete documentation index at: https://docs.rad.security/llms.txt
> Use this file to discover all available pages before exploring further.

# Qualys Vulnerability Management

> Configure Qualys VMDR integration with RAD Security for comprehensive vulnerability management.

# Qualys Vulnerability Management Integration Setup

This guide walks you through integrating Qualys Vulnerability Management (VMDR) with RAD Security, enabling you to import vulnerability findings and correlate them with runtime security events.

Qualys VMDR provides comprehensive vulnerability scanning, asset discovery, and compliance reporting for your infrastructure.

## Prerequisites

Before you begin, ensure you have:

<Check>
  * Admin access to Qualys Vulnerability Management
  * **Manager** or **Unit Manager** role in Qualys
  * A service email account that will remain active (not tied to an individual employee)
  * Access to RAD Security workspace with integration permissions
</Check>

<Info>
  **Service Account Best Practice:** Use a service email account (e.g., `security-services@company.com`) rather than an individual's email. This ensures the integration continues working even if employees leave the organization.
</Info>

***

## Step 1: Create Service User in Qualys

<Steps>
  <Step title="Log in to Qualys as Administrator">
    Log in to Qualys with an account that has either the **Manager** or **Unit Manager** role
  </Step>

  <Step title="Navigate to Users Management">
    1. Navigate to the **Vulnerability Management** product
    2. Click the **USERS** option from the top menu (located toward the right side)
  </Step>

  <Step title="Create New User">
    1. In the Users interface, click **New > User**
    2. This will open a modal titled **New User**
  </Step>

  <Step title="Enter User Details">
    Under the **General Information** section, provide:

    * **First Name** (e.g., "RAD Security")
    * **Last Name** (e.g., "Integration")
    * **Title** (e.g., "Service Account")
    * **Phone**
    * **Email Address** (use your service email account)
    * **Address 1**
    * **Country**
  </Step>

  <Step title="Configure User Role">
    In the **User Role** section:

    1. Select either **Scanner** or **Reader** role
       * **Reader**: Recommended for read-only vulnerability data access
       * **Scanner**: If you need scanning capabilities
    2. Check both the **GUI** and **API** boxes

    <Note>
      For RAD Security integration, the **Reader** role with API access is typically sufficient as we only need to read vulnerability data.
    </Note>
  </Step>

  <Step title="Assign Asset Groups">
    Under **Asset Groups** on the left:

    1. Click the **Add asset groups** dropdown
    2. Select either:
       * **All** - Grant access to all assets (recommended for complete visibility)
       * Specific asset groups - Choose individual groups if you want to limit scope
  </Step>

  <Step title="Save and Note Username">
    1. Click the **Save** button at the far right corner of the modal
    2. After creation, locate the new user entry in the users list
    3. **Note the randomly generated username** for this account - you'll need this later
  </Step>

  <Step title="Log Out">
    Log out of your administrator account
  </Step>
</Steps>

<Warning>
  **Save the username immediately!** The randomly generated username is only displayed in the users list and will be needed for authentication.
</Warning>

***

## Step 2: Complete Service Account Registration

<Steps>
  <Step title="Check Registration Email">
    The service email address will receive a registration message from Qualys containing:

    * A link to begin the user registration process
    * An **OTP (One-Time Password) code**

    **Copy the OTP code** - you'll need it on the next screen
  </Step>

  <Step title="Complete Registration">
    1. Click the link in the email to begin registration
    2. Follow the prompts to complete the registration process
    3. Enter the OTP code when prompted
    4. You will receive a **password** for the account

    <Warning>
      **Save this password securely!** If you lose it, you'll need to use the **Forgot Password** process to reset it.
    </Warning>
  </Step>

  <Step title="Note Base URL">
    On the registration screen, you will see the base **URL** for UI and API access.

    Common Qualys URLs by region:

    * US Platform 1: `https://qualysapi.qualys.com`
    * US Platform 2: `https://qualysapi.qg2.apps.qualys.com`
    * US Platform 3: `https://qualysapi.qg3.apps.qualys.com`
    * US Platform 4: `https://qualysapi.qg4.apps.qualys.com`
    * EU Platform 1: `https://qualysapi.qualys.eu`
    * EU Platform 2: `https://qualysapi.qg2.apps.qualys.eu`
    * India Platform 1: `https://qualysapi.qg1.apps.qualys.in`
    * Canada Platform 1: `https://qualysapi.qg1.apps.qualys.ca`

    **Save this URL** - it will be used for the integration configuration
  </Step>

  <Step title="Verify Login">
    Using the **username** from Step 1 and the **password** from this step, log in to the Qualys Vulnerability Management UI to verify the account works correctly
  </Step>
</Steps>

***

## Step 3: Configure in RAD Security

Navigate to your RAD Security workspace and configure the Qualys integration with the following parameters:

### Required Parameters

| Parameter    | Description                                 | Example                        |
| ------------ | ------------------------------------------- | ------------------------------ |
| **Base URL** | The base URL from Step 2                    | `https://qualysapi.qualys.com` |
| **Username** | The randomly generated username from Step 1 | `qualys_user_123456`           |
| **Secret**   | The password from Step 2                    | `your-secure-password`         |

<Info>
  Make sure to use the API URL (not the UI URL). API URLs typically start with `qualysapi.` rather than `qualysguard.`.
</Info>

***

## Verify Integration

After completing the setup, verify your integration is working:

1. Navigate to **Data Sources > Integrations > Vulnerabilities** in RAD Security
2. Locate your Qualys integration
3. Check the connection status shows as **Connected**
4. Verify vulnerability data is being synced

<Check>
  Your Qualys Vulnerability Management integration is now configured! RAD Security can now import vulnerability findings and correlate them with runtime security events.
</Check>

## What Data is Synced

Once configured, RAD Security will sync the following data from Qualys:

<AccordionGroup>
  <Accordion title="Vulnerability Findings" icon="bug">
    * QID (Qualys Vulnerability ID) information
    * CVE identifiers
    * Vulnerability severity and CVSS scores
    * Affected hosts and assets
    * Detection dates and status
    * PCI compliance impact
  </Accordion>

  <Accordion title="Asset Information" icon="server">
    * Host inventory
    * Operating system details
    * Network information (IP addresses, DNS)
    * Asset tags and groups
    * Last scan dates
  </Accordion>

  <Accordion title="Compliance Data" icon="clipboard-check">
    * Compliance posture assessments
    * Policy compliance status
    * Control findings
    * Remediation tickets
  </Accordion>
</AccordionGroup>

## Use Cases

<CardGroup cols={2}>
  <Card title="Vulnerability Correlation" icon="diagram-venn">
    Correlate Qualys vulnerability scans with runtime security events to identify active exploitation attempts.
  </Card>

  <Card title="Risk Prioritization" icon="ranking-star">
    Prioritize vulnerabilities based on runtime exposure, criticality, and exploitability.
  </Card>

  <Card title="Compliance Validation" icon="certificate">
    Verify compliance remediation efforts with runtime validation and monitoring.
  </Card>

  <Card title="Asset Discovery" icon="radar">
    Maintain an up-to-date asset inventory correlated with runtime security data.
  </Card>
</CardGroup>

## Troubleshooting

<AccordionGroup>
  <Accordion title="Authentication Failed" icon="triangle-exclamation">
    **Possible causes:**

    * Incorrect username or password
    * Service account not properly activated
    * Wrong API URL for your Qualys platform

    **Solution:**

    * Verify username and password are correct
    * Ensure you completed the email registration process
    * Check you're using the correct regional API URL
    * Try logging into Qualys UI with the same credentials to verify they work
  </Accordion>

  <Accordion title="Insufficient Permissions" icon="shield-exclamation">
    **Possible causes:**

    * User role doesn't have API access
    * Asset groups not properly assigned
    * Scanner/Reader role not selected

    **Solution:**

    * Log in to Qualys as admin and edit the user
    * Verify both GUI and API checkboxes are checked
    * Ensure Scanner or Reader role is assigned
    * Verify asset groups are assigned (All or specific groups)
  </Accordion>

  <Accordion title="No Data Syncing" icon="database-slash">
    **Possible causes:**

    * No vulnerability scans completed yet
    * Asset groups don't contain any scanned assets
    * Initial sync still in progress

    **Solution:**

    * Verify vulnerability scans have been completed in Qualys
    * Check that the service account has access to the correct asset groups
    * Allow up to 15 minutes for initial data sync
    * Review integration logs in RAD Security for specific errors
  </Accordion>

  <Accordion title="Wrong Platform URL" icon="globe">
    **Possible causes:**

    * Using UI URL instead of API URL
    * Using wrong regional platform

    **Solution:**

    * Ensure you're using `qualysapi.` not `qualysguard.`
    * Verify you're using the correct platform for your region
    * Check the URL shown during account registration
    * Common mistake: Using Platform 1 URL when your account is on Platform 2, 3, or 4
  </Accordion>

  <Accordion title="Account Locked or Deactivated" icon="lock">
    **Possible causes:**

    * Too many failed login attempts
    * Service email account was deactivated
    * User was disabled by administrator

    **Solution:**

    * Contact your Qualys administrator to unlock the account
    * Verify the service email account is still active and receiving emails
    * Check with your IT team that the email account hasn't been decommissioned
  </Accordion>
</AccordionGroup>

## Security Best Practices

<CardGroup cols={2}>
  <Card title="Use Service Accounts" icon="user-gear">
    Always use a service email account (not personal) to ensure continuity when employees change roles or leave.
  </Card>

  <Card title="Least Privilege Access" icon="shield-halved">
    Use the Reader role unless Scanner capabilities are specifically needed. Only assign necessary asset groups.
  </Card>

  <Card title="Secure Credential Storage" icon="lock">
    Store credentials securely. Never commit them to version control or share via unsecured channels.
  </Card>

  <Card title="Regular Access Reviews" icon="clipboard-list">
    Periodically review service account permissions and asset group assignments in Qualys.
  </Card>

  <Card title="Password Management" icon="key">
    Store the service account password in a secure password manager accessible to your security team.
  </Card>

  <Card title="Monitor API Usage" icon="chart-line">
    Regularly review API usage in Qualys to detect any anomalous activity.
  </Card>
</CardGroup>

## Next Steps

<CardGroup cols={2}>
  <Card title="Vulnerabilities Overview" icon="shield-halved" href="/rad-security/integrations/vulnerabilities/overview">
    Explore other vulnerability integration options
  </Card>

  <Card title="Runtime Security" icon="shield" href="/rad-security/integrations/runtime-security">
    Learn how RAD correlates vulnerabilities with runtime threats
  </Card>

  <Card title="Alerts & Incidents" icon="bell" href="/rad-security/platform/workspace">
    Configure alerts for vulnerability-related events
  </Card>

  <Card title="Threat Models" icon="crosshairs" href="/rad-security/security-and-compliance/overview">
    Understand how threats are detected and prioritized
  </Card>
</CardGroup>