Create Storage Account

You need to create a separate account on Azure Storage Blob console, and then create a storage account and a container. Once you create a container, you can use the container details during the integration.

Create Account

  1. Log in to Azure portal (https://portal.azure.com/) and search for Storage accounts in the search bar.

    Azure home page

  2. Click Add and then create a storage account with a unique name.
    From the Account kind drop-down, select BlobStorage

    Storage account creation

  3. Specify the following configuration and click Review + create to create the storage account:
    • Secure transfer required: Enabled
    • Allow Blob public access: Disabled
    • Minimum TLS: 1.2

      Storage account configuration

  4. Once you create a storage account, create a container with suitable name such as qualys-vm-findings.

    Note down the container name. It is required during the integration process.

    Creation of a container for Qualys data

  5. Generate the connection string/shared access signature by specifying the relevant details.
  6. There are two methods to generate a connection string -  
    • Navigate to the Shared access signature tab under the "Security + Monitoring" section. This method gives more control by allowing you to customize the attributes before generating the string.
      Provide the following values -
      • Allowed services: Blob
      • Allowed resource type: Object
      • Allowed permissions: Read, Write, and List
      • Select start and expiry date and time as per your requirement
      • Allowed protocol: Only HTTPS
    • Once the values are configured, you can click Generate the SAS and Connection String to obtain the connection string.



      Sample Connection StringSample Connection String

      BlobEndpoint=https://qualysvulnfindings.blob.core.windows.net/;
      QueueEndpoint=https://qualysvulnfindings.queue.core.
      windows.net/;FileEndpoint=https://qualysvulnfindings.
      file.core.windows.net/;TableEndpoint=
      https://qualysvulnfindings.table.core.windows.net/;
      SharedAccessSignature=sv=2024-11-04&ss=bfqt&srt=o&sp=rwdlacupiytfx&se=2025-07-17T17:48:44Z&st=2025-07-17T09:33:44Z&spr=https&sig=
      %2BYgVWep2kkQk0Y%2BuT2%2BQdeRpMgqPYXHoaD
      6LRaT0Unk%3D

    • The second method is by navigating to the Access Keys tab under Security + Monitoring. Here, you do not need to customize attributes; you can view and copy the string directly.

      Access keys

      Sample Connection String Sample Connection String

      DefaultEndpointsProtocol=https;AccountName=
      qualysvulnfindings;
      AccountKey=gKBLzqiJoAcThsl7IJQ4ANfxs
      R8KkD16vJuWBxG+/ULIqPzvEMGPcBnAzkPDJB7L
      CyCCkcurog78+ASt1nhKXw==;EndpointSuffix=
      core.windows.net

    If the connection string expires, generate a new SAS and connection string, and update the same with Qualys. With expired SAS token, Qualys is not able to post the findings.

  7. You can also modify Firewalls and virtual networks for enhanced security to allow only Qualys source IP to access the storage account.

    Firewall and virtual networks settings

    The Qualys source IP addresses that you could allow access to the Storage account are listed in the following table:

    Platform

    IP Address

    US POD 1

    64.39.96.20

    US POD 2

    64.39.96.25

    US POD 3

    64.39.96.27

    EU POD 1

    64.39.100.20

    EU POD 2

    154.59.121.40

    CA POD

    64.39.97.25

    India POD

    103.216.98.25