ETM WAS Integration 

The Qualys Web Application Scanning (WAS) integration with Enterprise TruRisk Management (ETM) connects your web application vulnerability findings directly to the ETM platform. This integration lets security teams view identified vulnerabilities as findings within ETM's unified risk management interface. By consolidating security findings from WAS into ETM, organizations gain comprehensive visibility into their web application security posture and can manage risks more effectively through a single pane of glass.

Prerequisites

Before implementing the WAS integration with ETM, ensure your environment meets the following requirement:

  • WAS must be enabled for your subscription

How Does the Integration Work?

The integration process follows these steps:

  1. Contact your TAM or support to enable your subscription's WAS integration.
  2. Create a CSV connector and select WAS Findings as the Type of Findings (refer to CSV Connector).
  3. Run a scan for WAS to generate current vulnerability data.
  4. The system automatically ingests findings from WAS into ETM as a vulnerability.
  5. Web App findings from WAS application appear in ETM with their respective risk scores, allowing for precise identification of security issues that require remediation.

The integration maintains data synchronisation between the systems to ensure the latest security posture information is available in ETM for risk management.

View Assets and Findings in ETM

After completing the integration, you can view and manage WAS findings within the ETM interface:

  1. Navigate to Risk Management > Findings > Vulnerabilities to access the consolidated view of security posture findings.
  2. To filter specifically for WAS findings, use the QQL query syntax:
    finding.vendorProductName:WAS.

The findings display detailed information about each misconfiguration, including the affected asset, severity, and current status. This information helps security teams prioritise remediation efforts based on risk levels and organizational impact.

By accessing WAS findings directly within ETM, security teams can streamline their workflow and address security issues more efficiently without switching between multiple security management interfaces.