Create Storage Account
You need to create a separate account on Azure Storage Blob console, and then create a storage account and a container. Once you create a container, you can use the container details during the integration.
Prerequisites
Following are the prerequisites for creating Storage account:
- Allowed services: Blob
- Allowed resource type: Object
- Allowed permissions: Read, Write and List
- Select start and expiry date time as per your requirement
- Allowed protocol: Only HTTPS
Create Account
- Log in to Azure portal (https://portal.azure.com/) and search for Storage accounts in the search bar.
- Click Add and then create a storage account with a unique name.
From the Account kind drop-down, select BlobStorage.
- Specify the following configuration and click Review + create to create the storage account:
- Secure transfer required: Enabled
- Allow Blob public access: Disabled
- Minimum TLS: 1.2
- Once you create a storage account, create a container with suitable name such as qualys-vm-findings.
Note down the container name. It is required during the integration process.
- Generate the connection string/shared access signature by specifying the relevant details.
Click Generate the SAS and Connection String.
If the connection string expires, generate a new SAS and connection string, and update the same with Qualys. With expired SAS token, Qualys is not able to post the findings.
You can also locate the connection string in the Access Keys section.
You can also modify Firewalls and virtual networks for enhanced security to allow only Qualys source IP to access the storage account.
The Qualys source IP addresses that you could allow access to the Storage account are listed in the following table:
Platform
IP Address
US POD 1
64.39.96.20
US POD 2
64.39.96.25
US POD 3
64.39.96.27
EU POD 1
64.39.100.20
EU POD 2
154.59.121.40
CA POD
64.39.97.25
India POD
103.216.98.25