Nozomi Vantage Connector
The Nozomi Vantage Connector ingests asset and vulnerability data from Nozomi Vantage into Qualys Enterprise TruRisk Management (ETM) for unified risk analysis and prioritization.
The Nozomi Vantage Connector is available on demand. To activate it for your subscription, please contact your Technical Account Manager (TAM) or Qualys Support.
Connector Details
| Vendor | Nozomi Networks |
| Product | Nozomi Vantage |
| Category | Risk Source |
| Findings Supported | Vulnerabilities |
| Assets Supported | Host Assets |
| Version | N/A |
| Integration Type | API Integration (REST) |
| Direction | Unidirectional (Nozomi Vantage > Qualys) |
| Delta Support | N/A |
Connection Settings
User Roles and Permissions
To generate API credentials for Nozomi Vantage, follow the steps in the API Key Generation Guide.
Authentication Details
Provide the following credentials in the connector configuration screen:
| Name | Key | Type | Description |
|---|---|---|---|
| Base URL | baseUrl |
String | Base URL of the Nozomi Vantage platform |
| Key Name | key_name |
String | API Key Name for Nozomi Vantage |
| Key Token | key_token |
Encrypted | API Key Token for Nozomi Vantage |
Connector Configuration
Basic Details
- Login to Qualys ETM.
- Go to Connectors >Integration tab and locate the Nozomi Vantage Connector.
- Click Manage from the ellipses menu.
- Provide a Name and Description for the connector.
- Select supported findings type: Vulnerability / Host Asset.
- Enter Base URL, Key Name, and Key Token.
Mapping Details
Data Model
The Nozomi Vantage connector provides out-of-the-box data model mappings for assets only or assets with vulnerabilities. View the models in ETM to understand all supported fields.
Transform Maps
Default transform maps are provided. You can create or clone maps to customize field transformations.
- Click Create New to add a new transform map.
- Provide a Transform Map Name, select Source Data Model, and select Target Data Model.
- Save the map.
- Alternatively, use Clone from the quick menu to copy and adjust the default transform map.
Data Model Mapping - Vulnerability Transformation
|
Source Field |
Target Field |
|---|---|
|
Asset Id |
externalAssetId (Required) |
|
Ip |
ipAddress |
|
Mac |
macAddress |
|
Os Name |
operatingSystemName |
|
Serial Number |
biosInfoSerialNumber |
|
Vulnerability Cves |
cveId |
|
Vulnerability Cwes |
cveId |
|
Vulnerability Id |
externalFindingId (Required) |
|
Vulnerability links href |
references |
|
Vulnerability Risk Score |
cvss3Base |
|
Status open | resolved |
findingStatus ACTIVE | FIXED |
|
Vulnerability Description |
findingDescription |
|
Type |
type |
Data Model Mapping - Asset Transformation
|
Source Field |
Target Field |
|---|---|
|
ID |
externalAssetId (Required) |
|
IPv4 Address |
ipAddress |
|
MAC Address |
macAddress |
|
Operating System |
operatingSystemName |
|
Type |
System Type |
|
Serial Number |
serialNumber |
|
Software Version |
softwareVersion |
|
Software Vendor |
softwarePublisher |
|
Software Name |
softwareName |
|
Software Install Path |
softwareInstallPath |
|
Software Installed Date |
softwareInstalledDate |
|
Software Identifier |
softwareIdentifier |
|
Assigned Location Name |
assignedLocationName |
|
Assigned Location Longitude |
assignedLocationLongitude |
|
Assigned Location Latitude |
assignedLocationLatitude |
Profiles
Profiles control the execution of the connector.
- Click + to add a new profile.
- Provide a Name and Description.
- Select the required Transform Map.
- Set Status (Active or Inactive).
- Configure a Schedule: Single Occurrence or Recurring with start and end dates/times.
Scoring
Use the scoring screen to map Nozomi Vantage non-CVE severities to Qualys Detection Score (QDS) 0–100. Configure 5 levels of mapping and set a Default Severity for unmapped values.
Identification Rules
Identification Rules are provided out-of-the-box by Qualys CSAM. They control how findings are matched to assets. You may proceed without changes, but ensure at least one rule is active.
How Does a Connection Work?
The Nozomi Vantage connector executes on schedule (or on-demand) based on the configured profile. It imports asset and vulnerability data into ETM, where it can be analyzed with other security findings.
In the Connector screen, your newly configured connector will appear with the state Processed once execution completes.
Viewing Assets and Findings in ETM
After a successful run, Nozomi assets appear in ETM's Inventory:
- Assets: Go to Inventory > Assets > Host. Filter with
tags.name:"Nozomi".
- Findings: Go to Risk Management > Findings > Vulnerability. Filter with
finding.vendorProductName:"Nozomi".