Specify the connector details such as application Id, authenticationKey, description, directoryId, name, and subscription Id of your Azure account and create a new connector in the Connectors application.
Permissions required - Managers with full scope.
|
Parameter |
Mandatory /Optional |
Data Type |
Description |
|---|---|---|---|
|
id |
Optional |
The ID of the connector that you want to create. |
|
|
name |
Optional |
Name of the connector you want to create. |
|
|
description |
Optional |
Description of the connector you want to create. |
|
|
defaultTags |
Optional |
TagSimpleQList |
Tags applied to any asset discovered by the connector. |
|
activation |
Optional |
List<ActivationModule> |
Assets discovered by the connector is activated for the modules specified. |
|
authRecord |
Optional |
AzureAuthRecordSimple |
The Azure authentication record the connector uses to connect to Azure. When writing/updating it is looked up by the ID field. |
|
disabled |
Optional |
boolean |
Whether execution of the connector is disabled (YES). If disabled, the connector does not synchronize assets. |
|
applicationId |
Optional |
Unique identifier of the application you create on Azure portal. |
|
|
directoryId |
Optional |
Unique identifier of your Azure Active Directory. |
|
|
subscriptionId |
Optional |
Unique identifier of your Microsoft Azure subscription. |
|
|
authenticationKey |
Optional |
The secret key generated after you provide permission to the application to access the Windows Azure Service. |
|
|
connectorAppInfos.set. ConnectorAppInfoQList |
A mandatory parent parameter when you need to provide the below parameter, set.ConnectorAppInfo. |
||
|
connectorAppInfos |
It holds the list of list of ConnectorAppInfo which includes App Name, identifiers and tag details. Connector can one or more apps from list [AI, CI, CSA]. AI-Asset Inventory, CI- Cloud Inventory, CSA- Cloud Security Assessment |
||
|
runFrequency |
runFrequency for a connector decides the rate at which the connector should poll the cloud provider and fetch the data. Specified in minutes. |
||
|
isRemediationEnabled |
A flag to enable or disable remediation for the connector. |
You can secure publicly exposed cloud assets by enabling cloud perimeter scans for your connectors. Cloud perimeter scans use Qualys External Scanners (Internet Remote Scanners), located at the Qualys Cloud Platform.
You can automate asset discovery of Connectors and with the Cloud Perimeter Scan. This ensures all publicly-exposed assets have perimeter scans performed, based on configurations provided at Connector.
|
Parameter |
Mandatory /Optional |
Data Type |
Description |
|---|---|---|---|
|
isCPSEnabled |
Optional |
Set this flag to enable or disable cloud perimeter scan for the AWS connector (Note: If isCPSEnabled flag is enabled, you need to provide the below parameters for the Cloud Perimeter Scan). |
|
|
connectorScanSetting |
Tag to include cloud perimeter scan settings. |
||
|
isCustomScanConfig Enabled |
Use this flag to indicate the scan configuration to be used for cloud perimeters scan. By default, this flag is disabled and the global scan configuration is applied to the cloud perimeter scan. To use custom scan configuration, you need to enable this flag. |
||
|
optionProfileId |
Specify the Option Profile Id. This Id is unique for every user. You can fetch the option profile Id using the List VM Option Profile API (/api/2.0/fo/subscription/option_profile/vm/?action=list). For more information on the how to fetch the option profile Id, refer to Qualys API (VM, PC) User Guide. |
||
|
recurrence |
Specify if the scan should be scheduled on DAILY or WEEKLY basis. |
||
|
daysOfWeek |
Specify the days when the scan should be scheduled. For example, SUN, MON, TUE, WED, THU, FRI, SAT. Note: This field is applicable only if the recurrence field is set to WEEKLY. |
||
|
scanPrefix |
Specify a prefix to be appended to the scan name. Once the cloud perimeter scan is triggered from the Vulnerability Management application, the prefix is appended to the scan name. The scan name is in following format: <prefix>-<connectorId>-<timestamp> |
||
|
startDate |
Specify the start date of scan in mm/dd/yyyy format. |
||
|
startTime |
Specify the start time of scan in HH:MM (24 hrs) format. |
||
|
timezone |
Specify the time zone for the cloud perimeter scan to be initiated. |
API request
curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -data-binary @"<qualys_base_url>/qps/rest/3.0/create/am/azureassetdataconnector"
Request POST data
<?xml version="1.0" encoding="UTF-8" ?>
<ServiceRequest>
<data>
<AzureAssetDataConnector>
<name>Azure Connector Via API</name>
<description>Sample Azure Connector API</description>
<defaultTags>
<set>
<TagSimple>
<id>21423674</id>
</TagSimple>
</set>
</defaultTags>
<activation>
<set>
<ActivationModule>VM</ActivationModule>
<ActivationModule>CERTVIEW</ActivationModule>
<ActivationModule>SCA</ActivationModule>
</set>
</activation>
<disabled>false</disabled>
<runFrequency>240</runFrequency>
<isRemediationEnabled>true</isRemediationEnabled>
<isGovCloudConfigured>false</isGovCloudConfigured>
<authRecord>
<applicationId>xxxxxxxxx-694d-xxxx-ae0b-d2bd14d1a4d7</applicationId>
<directoryId>xxxxxxxxx-65ab-xxxx-9e5b-1ea02d3d94eb</directoryId>
<subscriptionId>xxxxxxxxx-4f67-xxxx-917d-2246853844e1</subscriptionId>
<authenticationKey>02LCb8/RCn0lbGj6xxxxxxxxnoH01rog=</authenticationKey>
</authRecord>
<connectorAppInfos>
<set>
<ConnectorAppInfoQList>
<set>
<ConnectorAppInfo>
<name>AI</name>
<identifier>xxxxxxxxx-4f67-xxxx-917d-2246853844e1</identifier>
<tagId>21423674</tagId>
</ConnectorAppInfo>
</set>
</ConnectorAppInfoQList>
<ConnectorAppInfoQList>
<set>
<ConnectorAppInfo>
<name>CI</name>
<identifier>xxxxxxxxx-4f67-xxxx-917d-2246853844e1</identifier>
<tagId>21423674</tagId>
</ConnectorAppInfo>
</set>
</ConnectorAppInfoQList>
<ConnectorAppInfoQList>
<set>
<ConnectorAppInfo>
<name>CSA</name>
<identifier>xxxxxxxxx-4f67-xxxx-917d-2246853844e1</identifier>
<tagId>21423674</tagId>
</ConnectorAppInfo>
</set>
</ConnectorAppInfoQList>
</set>
</connectorAppInfos>
</AzureAssetDataConnector>
</data>
</ServiceRequest>
XML output
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/am/azureassetdataconnector.xsd">
<responseCode>SUCCESS</responseCode>
<count>1</count>
<data>
<AzureAssetDataConnector>
<id>1672602</id>
<name>Azure Connector Via API</name>
<description>Sample Azure Connector API</description>
<connectorState>QUEUED</connectorState>
<type>AZURE</type>
<disabled>false</disabled>
<isGovCloudConfigured>false</isGovCloudConfigured>
<runFrequency>240</runFrequency>
<isRemediationEnabled>true</isRemediationEnabled>
<connectorAppInfos>
<list>
<ConnectorAppInfoQList>
<list>
<ConnectorAppInfo>
<name>CI</name>
<identifier>xxxxxxxxx-4f67-xxxx-917d-2246853844e1</identifier>
<tagId>21423674</tagId>
<tagMetadata>
<id>21423674</id>
</tagMetadata>
</ConnectorAppInfo>
</list>
</ConnectorAppInfoQList>
<ConnectorAppInfoQList>
<list>
<ConnectorAppInfo>
<name>CSA</name>
<identifier>xxxxxxxxx-4f67-xxxx-917d-2246853844e1</identifier>
<tagId>21423674</tagId>
<tagMetadata>
<id>21423674</id>
</tagMetadata>
</ConnectorAppInfo>
</list>
</ConnectorAppInfoQList>
<ConnectorAppInfoQList>
<list>
<ConnectorAppInfo>
<name>AI</name>
<identifier>xxxxxxxxx-4f67-xxxx-917d-2246853844e1</identifier>
<tagId>21423674</tagId>
<tagMetadata>
<id>21423674</id>
</tagMetadata>
</ConnectorAppInfo>
</list>
</ConnectorAppInfoQList>
</list>
</connectorAppInfos>
<authRecord/>
</AzureAssetDataConnector>
</data>
</ServiceResponse>
API Request (JSON)
"curl -u""USERNAME:PASSWORD""-X""POST""-data-binary @""<qualys_base_url>/qps/rest/3.0/create/am/azureassetdataconnector""--header""Accept: application/json"
Request POST Data (JSON)
{
"ServiceRequest":{
"data":{
"AzureAssetDataConnector":{
"name":"Azure Connector Via API",
"description":"Sample Azure Connector API",
"defaultTags": {
"set": {
"TagSimple": [
{
"id": 135718404
},
{
"id": 135718404
}
]
}
},
"activation":{
"set":{
"ActivationModule":[
"VM",
"CERTVIEW",
"SCA"
]
}
},
"disabled":false,
"runFrequency":240,
"isRemediationEnabled":true,
"isGovCloudConfigured":false,
"authRecord":{
"applicationId":"xxxxxxxxx-694d-xxxx-ae0b-d2bd14d1a4d7",
"directoryId":"xxxxxxxxx-65ab-xxxx-9e5b-1ea02d3d94eb",
"subscriptionId":"xxxxxxxxx-4f67-xxxx-917d-2246853844e1",
"authenticationKey":"02LCb8/RCn0lbGj6xxxxxxxxxxnoH01rog="
},
"connectorAppInfos":{
"set":{
"ConnectorAppInfoQList":[
{
"set":{
"ConnectorAppInfo":{
"name":"AI",
"identifier":"xxxxxxxxx-4f67-xxxx-917d-2246853844e1",
"tagId":135718404
}
}
},
{
"set":{
"ConnectorAppInfo":{
"name":"CI",
"identifier":"xxxxxxxxx-4f67-xxxx-917d-2246853844e1",
"tagId":135718404
}
}
},
{
"set":{
"ConnectorAppInfo":{
"name":"CSA",
"identifier":"xxxxxxxxx-4f67-xxxx-917d-2246853844e1",
"tagId":135718404
}
}
}
]
}
}
}
}
}
}
Response (JSON)
{
"ServiceResponse":{
"data":[
{
"AzureAssetDataConnector":{
"description":"Sample Azure Connector API",
"name":"Azure Connector Via API",
"authRecord":{
},
"connectorAppInfos":{
"list":[
{
"ConnectorAppInfoQList":{
"list":[
{
"ConnectorAppInfo":{
"name":"AI",
"identifier":"xxxxxxxxx-4f67-xxxx-917d-2246853844e1",
"tagId":135718404,
"tagMetadata":{
"id":123489465
}
}
}
]
}
},
{
"ConnectorAppInfoQList":{
"list":[
{
"ConnectorAppInfo":{
"name":"CSA",
"identifier":"xxxxxxxxx-4f67-xxxx-917d-2246853844e1",
"tagId":135718404,
"tagMetadata":{
"id":123489465
}
}
}
]
}
},
{
"ConnectorAppInfoQList":{
"list":[
{
"ConnectorAppInfo":{
"name":"CI",
"identifier":"xxxxxxxxx-4f67-xxxx-917d-2246853844e1",
"tagId":135718404,
"tagMetadata":{
"id":123489465
}
}
}
]
}
}
]
},
"isGovCloudConfigured":"false",
"connectorState":"QUEUED",
"type":"AZURE",
"disabled":"false",
"runFrequency":240,
"isRemediationEnabled":"true",
"id":1672601
}
}
],
"responseCode":"SUCCESS",
"count":1
}
}
API request
curl -u "USERNAME:PASSWORD" -H "Content-type: text/xml" -X "POST" -data-binary @"<qualys_base_url>/qps/rest/3.0/create/am/azureassetdataconnector"
Request POST data
<?xml version="1.0" encoding="UTF-8" ?>
<ServiceRequest>
<data>
...
<isCPSEnabled>true</isCPSEnabled>
<authRecord>
<applicationId>33333333-3333-3333-3333-333333333333</applicationId>
<directoryId>22222222-2222-2222-2222-222222222222</directoryId>
<subscriptionId>11111111-1111-1111-1111-111111111111</subscriptionId>
<authenticationKey>02LCb8/RCn0lbGj6xcOGQPZlYG2z85aSmCxnoH01rog=</authenticationKey>
</authRecord>
<connectorScanSetting>
<isCustomScanConfigEnabled>true</isCustomScanConfigEnabled>
</connectorScanSetting>
<connectorScanConfig>
<set>
<ConnectorScanConfiguration>
<daysOfWeek>
<set>
<Day>SUN</Day>
<Day>MON</Day>
<Day>TUE</Day>
</set>
</daysOfWeek>
<optionProfileId>2</optionProfileId>
<recurrence>WEEKLY</recurrence>
<scanPrefix>Scan azure 01</scanPrefix>
<startDate>31/05/2022</startDate>
<startTime>15:45</startTime>
<timezone>Africa/Cairo</timezone>
</ConnectorScanConfiguration>
</set>
</connectorScanConfig>
</AzureAssetDataConnector>
</data>undefined</ServiceRequest>
XML output
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="<qualys_base_url>/qps/xsd/3.0/am/aws_asset_data-connector.xsd">
<responseCode>SUCCESS</responseCode>
...
<isCPSEnabled>true</isCPSEnabled>
<connectorScanSetting>
<isCustomScanConfigEnabled>true</isCustomScanConfigEnabled>
</connectorScanSetting>
<connectorScanConfig>
<set>
<ConnectorScanConfiguration>
<daysOfWeek>
<set>
<Day>SUN</Day>
<Day>MON</Day>
<Day>TUE</Day>
</set>
</daysOfWeek>
<optionProfileId>2</optionProfileId>
<recurrence>WEEKLY</recurrence>
<scanPrefix>Scan azure 01</scanPrefix>
<startDate>31/05/2022</startDate>
<startTime>15:45</startTime>
<timezone>Africa/Cairo</timezone>
</ConnectorScanConfiguration>
</set>
</connectorScanConfig>
...
</data>undefined</ServiceResponse>
<platform API server>/qps/xsd/3.0/am/awsassetdataconnector.xsdre.