Update Azure Sentinel Integration
Once you add the Azure Sentinel integration, you can update the name, minSeverity, baseCategory, resultSectionNeeded, and apiVersion of the Azure Sentinel integration with Qualys.
Input Parameters

Parameter | Optional/Mandatory | Data Type | Description |
---|---|---|---|
workspaceId={value} | Mandatory | Integer | Provide the unique Id assigned to the workspace in Azure Sentinel. |
primaryKey={value} | Mandatory | Integer | Provide the primary key Id assigned to the workspace in Azure Sentinel. |
name={value} | Mandatory | Text | Provide a unique name for the integration in the API request. The maximum length allowed for name is 50 characters. |
baseCategory={IG\|Potential\|Confirmed} | Optional | Text | Category of the vulnerabilities fetched from Qualys (VM/VMDR app) to be posted on the Azure Sentinel. The valid values are IG, Confirmed, and Potential. By default, it is configured to Confirmed. In this case, only confirmed vulnerabilities are included. If you configure the baseCategory as Potential, both Potential and Confirmed vulnerabilities are included. If you configure the baseCategory as IG, all three categories (IG, Potential, and Confirmed vulnerabilities) are included. |
customLogName={value} | Optional | Text | Provide a unique name for the data collector APIs. You can identify the log details with the name you provide. If you do not provide a custom log name, we use QUALYS_SECURITY_VM_FINDINGS by default. The custom log name can only contain letters, numbers, and underscore (_), and should not exceed 100 characters. |
minSeverity={value} | Optional | Text | The minimum severity level of the vulnerabilities fetched from Qualys (VM/VMDR app) to be posted on the Azure Sentinel. By default, it is configured to severity level 3 and above. For example, if you set the value to 1, all findings with severity level 1 to 5 are fetched and available on Azure Sentinel. |
resultSectionNeeded={true\|false} | Optional | Boolean | Set this to true to include the result section in the response. If you want to exclude the result section, set this parameter to false. By default, the resultSectionNeeded parameter is configured to false. |
apiVersion={value} | Optional | String | Azure Sentinel data collector API version. By default, the 2016-04-01 API version is used. For more information on supported API versions, refer to the Data Collector API learn page. |
Update Azure Sentinel Integration Details
Let us now see an example to update the configuration details of the Azure Sentinel integration. Provide the configuration details to be updated in the PUT request.
API Request
curl --location --request PUT "<qualys_gateway_url>/partner-integration/azure/sentinel/{integrationId}/vm" -H "Authorization: Bearer <token>" --data '@integration.json'
Note: "integration.json" contains the request PUT data.
Request PUT Data (integration.json)
{
  "workspaceId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
  "primaryKey": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  "minSeverity": 4,
  "baseCategory": "Potential",
  "customLogName": "CUSTOM_LOG",
  "name": "Sample Name change",
  "resultSectionNeeded": false,
  "apiVersion": "2016-04-01"
}
JSON Output
{
  "Azure Sentinel VM integration successfully updated."
}
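
The limits and defaults in the parameter table can be checked locally before integration.json is sent, which also shows which findings the update will forward to Azure Sentinel. This is an added example, not Qualys code: `validate_update`, `effective_scope` and `SAMPLE` are hypothetical names, and the 1 to 5 severity range is inferred from the table's "severity level 1 to 5" wording.

```python
import re

# Defaults and limits as stated in the parameter table.
DEFAULTS = {"baseCategory": "Confirmed", "minSeverity": 3,
            "customLogName": "QUALYS_SECURITY_VM_FINDINGS",
            "resultSectionNeeded": False, "apiVersion": "2016-04-01"}
# Ordered widest to narrowest: a baseCategory includes itself and all after it.
CATEGORIES = ["IG", "Potential", "Confirmed"]
LOG_NAME_RE = re.compile(r"[A-Za-z0-9_]{1,100}")


def validate_update(payload):
    """Return a list of problems; an empty list means the payload passes."""
    cfg = {**DEFAULTS, **payload}
    errors = [f"{k} is mandatory" for k in ("workspaceId", "primaryKey", "name")
              if not cfg.get(k)]
    if len(str(cfg.get("name", ""))) > 50:
        errors.append("name exceeds 50 characters")
    if cfg["baseCategory"] not in CATEGORIES:
        errors.append("baseCategory must be IG, Potential or Confirmed")
    if not LOG_NAME_RE.fullmatch(str(cfg["customLogName"])):
        errors.append("customLogName: letters, numbers, underscore; max 100")
    # Assumption: severities run 1-5, inferred from the table's example.
    if str(cfg["minSeverity"]) not in {"1", "2", "3", "4", "5"}:
        errors.append("minSeverity must be a level from 1 to 5")
    if not isinstance(cfg["resultSectionNeeded"], bool):
        errors.append("resultSectionNeeded must be true or false")
    return errors


def effective_scope(payload):
    """Describe which findings a valid payload forwards to Azure Sentinel."""
    cfg = {**DEFAULTS, **payload}
    return {
        "categories": CATEGORIES[CATEGORIES.index(cfg["baseCategory"]):],
        "severities": list(range(int(cfg["minSeverity"]), 6)),
        "log": cfg["customLogName"],
    }


# Constructed sample mirroring integration.json (placeholder credentials).
SAMPLE = {"workspaceId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
          "primaryKey": "X" * 70, "minSeverity": 4, "baseCategory": "Potential",
          "customLogName": "CUSTOM_LOG", "name": "Sample Name change",
          "resultSectionNeeded": False, "apiVersion": "2016-04-01"}

if __name__ == "__main__":
    print(validate_update(SAMPLE) or effective_scope(SAMPLE))
```

Because primaryKey is the workspace's shared key, integration.json is best kept out of version control and readable only by the account that runs the request.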