Qualys Dataflow for CSAM Connector

The Qualys CSAM Native Connector enables secure integration with the Qualys Cloud Platform to retrieve host asset metadata directly from the CSAM module. The connector leverages Qualys APIs to sync asset data into the Enterprise TruRisk™ Platform (ETM) for centralized inventory and risk analysis.

What is the Dataflow for CSAM Connector?

The Dataflow for CSAM Connector creates a secure bridge between your CSAM platform and Qualys ETM. The API-based connector facilitates regular data retrieval, enabling quicker, data-driven remediation. When configured, it automatically ingests asset inventory and security findings through scheduled API calls. Qualys ETM then processes this data by:

  • Deduplicating redundant entries
  • Normalizing data formats
  • Enriching findings with additional context
  • Calculating risk scores using TruRisk
Category  Supported Asset Type Supported Finding Type
API Connector Host Asset Asset

Prerequisites

The Qualys Dataflow for CSAM Connector is available on demand. To activate it for your subscription, please contact your Technical Account Manager (TAM) or Qualys Support.

You need an active CSAM subscription to create this connector.

You will require your Base URL, Qualys username and password to authenticate yourself.

The Base URL for your platform is available at Qualys Platform Identification

Connector Configuration

Follow the steps below to get started.

Create a New API Connector

Basic DetailsBasic Details

  1. Provide the Connector's Name and Description.
  2. Select the type of findings you want to import or export - currently, we support Asset.
  3. Select the Asset Type - currently, we support Host Asset.
    The following screenshot displays the Basic Details fields.
  4. Next, provide the API authentication details of the CSAM environment. You need to provide the following.

    1. Base URL
    2. Qualys Username 
    3. Qualys Password

Data ModelData Model

The CSAM API Connector offers an out-of-box data model mapping for you to map with Qualys ETM schema. You can view the schema to understand the attributes in the data model.

Transform MapsTransform Maps

Map the fields from CSAM to the corresponding fields in your target system. Transform Maps ensure the data is transformed correctly during the import or export process.

The CSAM Connector offers an out-of-box transform map for you to proceed without further configuration. View the map to understand the data transformation.

To learn more about the data mapping from CSAM to Qualys ETM, refer to Data Model Mapping.

Fields Mapping

The Fields Mapping section maps fields from the Source Data Model to the Target Data Model.

  1. Source Field: Specify the field in the Source Data Model containing the transformed data.
  2. Data Type: Indicate the data type of the Source Field (e.g., string, integer, date).
  3. Target Field: Designate the corresponding field where the transformed data will be placed in the Target Data Model.

Click Add to create and display the mapping for the Source Field, Data Type, and Target Field below the section. This visual helps ensure that all necessary fields are mapped correctly and allows easy verification and adjustments.

ProfileProfile

Create a profile for your connector. A profile decides the connector status, execution schedule and transform map to choose. The connector follows the configurations of this profile for all future executions.

Click the "+" to create a new profile.

In the Add Profile screen, provide the necessary inputs for your new profile.

Provide a Name and Description.

You can provide a Tag Filter, a list of tags seperated by commas, to filter asset ingestion based on active Qualys tags.
For example, "eval-214027-test, exec-220563"

Select the required Transform Map for the data mapping.

The Status field determines whether the connector should be in Active or Inactive state after creation. 

Lastly, the Schedule section lets you either create a Single Occurrence schedule or a Recurring schedule. Provide the exact date and time for the Single Occurence execution and provide the Start and End date/time for the Recurring schedule.

Select Identification RulesSelect Identification Rules

The Identification Rules are a set of out-of-the-box precedence rules set by Qualys CSAM. The connector discovers findings based on the order set by the selected Identification Rules.

You can proceed to the next step without making any changes to this screen.

Select Identification Rules screen.

If you don't want to choose a specific rule, turn off the toggle next to it. But, ensure that at least one rule is selected.

To learn more about the different rules and options present in this screen, refer to the CSAM Online Help.

Once you are done with all the configuration, review the configurations provided in the previous steps. Ensure all details are correct and complete. Confirm the setup to finalize the configuration of the API connector.

Save and run the connector to process the data accordingly, transforming and importing it as per the configurations set.

How Does a Connection Work?

The CSAM connector functions through configured profiles that determine what data gets synchronized and when.

A Connection usually involves creating a profile that defines which asset to import based on detection data types and asset types. The connector then automatically executes according to the schedule (or on-demand), pulling asset data from CSAM into ETM where it can be viewed alongside other security findings.

With the CSAM API Connector successfully configured, you are almost ready to view all the assets and findings from CSAM.

In the Connector screen, you can find your newly configured connector listed and marked in the Processed state.

Connector States

A successfully configured connector goes through 4 states.

  1. Registered - The connector is successfully created and registered to fetch data from the vendor.
  2. Scheduled - The connector is scheduled to execute a connection with the vendor.
  3. Processing - A connection is executed and the connector is fetching the asset and findings data.
  4. Processed - The connector has successfully fetched the assets, it may still be under process of fetching the findings. Wait for some more time for the connector to fetch the findings completely.

The Processed state indicates that the Connector is successfully configured but it is under the process of importing all your assets and findings. This process (specifically for findings) may take some time.

This entire process may take up to 2 hours for completion. Once it is done, you can find the imported data in Enterprise TruRisk Management (ETM).

View Assets in ETM

Navigate to Enterprise TruRisk Management to get started with analyzing your Connector's vulnerability findings.

You can view the assets imported from the CSAM connection by navigating to Inventory tab of ETM.

Go to Assets > Host to find all of your imported assets.

Use the token, inventory: (source: `CSAM`) to view all the imported CSAM assets.

Here, you can learn about the criticality of your assets and their Risk Scores. Click any of the asset to find more details about them.

Currently, the Dataflow for CSAM connector does not sync the following data from CSAM: Business Apps data, Misconfiguration, EASM data, Certificates.

To know more about how the CSAM API Connector leverages the findings, refer to the Qualys ETM Documentation.

Additional Resources

Additional Information related to CSAM Connector.

API Reference

Here are the APIs executed for the CSAM connection.

Operation Endpoint Notes
Auth API https://<gateway_url>.qualys.com Generates token (valid for 4 hrs)
Fetch Asset List https://<gateway_url>.qualys.com/rest
/2.0/search/am/asset
Default batch size: 300

Data Model Map

This section explains the attribute mappings of the values from Qualys CSAM and Qualys ETM.

CSAM Asset Transformation Mapping

Source Attribute Label

Target Attribute Label

Last Logged On User

Last Logged On User

DNS Name

DNS Name

Host Id

Host Id

Asset UUID

Asset UUID

Bios Description

Bios Description

Last BIOS Boot

Last BIOS Boot

Total Memory

Total Memory

BIOS TimeZone

BIOS TimeZone

BIOS Serial Number

BIOS Serial Number (Required)

BIOS Asset

BIOS Asset

NetBIOS Name

NetBIOS Name

Is Container

Is Container

Operating System Name

Operating System Name

Operating System Version

Operating System Version

Operating System Architecture

Operating System Architecture

Operating System Publisher

Operating System Publisher

Open Port Number

Open Port Number

Open Port Description

Open Port Description

Open Port Protocol

Open Port Protocol

Open Port Detected Service

Open Port Detected Service

Open Port First Found Date

Open Port First Found Date

Open Port Last Updated Date

Open Port Last Updated Date

Open Port Authorization

Open Port Authorization

Network Interface Name

Network Interface Name

Network Interface Host Name

Network Interface Host Name

Network Interface IPv4 Address

Network Interface IPv4 Address

Network Interface IPv6 Address

Network Interface IPv6 Address

Network Interface Addresses

Network Interface Addresses

Network Interface MAC Address

Network Interface MAC Address

Network Interface Gateway Address

Network Interface Gateway Address

Software Name

Software Name

Software Version

Software Version

Software Last Updated Date

Software Last Updated Date

Software Publisher

Software Publisher

Software Language

Software Language

Software Type

Software Type

Software Install Path

Software Install Path

Software Last Used Date

Software Last Used Date

Volume Name

Volume Name

Volume Size

Volume Size

Volume Free

Volume Free

Service Name

Service Name

Service Status

Service Status

Service Description

Service Description

Host ID

Business Operation Status

Business Information Environment

Business Information Environment

Business Information Company

Business Information Company

Business Information Department

Business Information Department

Business Information Owned By

Business Information Owned By

Business Information Managed By

Business Information Managed By

Business Information Supported By

Business Information Supported By

Business Information Supported Group

Business Information Supported Group

Assigned Location Name

Assigned Location Name

Assigned Location City

Assigned Location City

Assigned Location State

Assigned Location State

Assigned Location Country

Assigned Location Country

Business App Id

Business App Id

Business App Name

Business App Name

Business App Environment

Business App Environment

Business App Managed By

Business App Managed By

Business App Owned By

Business App Owned By

Business App Supported By

Business App Supported By

Business App Supported Group

Business App Supported Group

Custom Attributes Key

Custom Attributes Key

Custom Attributes Value

Custom Attributes Value

Hardware Manufacturer

Hardware Manufacturer

Hardware Model

Hardware Model