Create Storage Account
You need to create a separate account on Azure Storage Blob console, and then create a storage account and a container. Once you create a container, you can use the container details during the integration.
Create Account
- Log in to Azure portal (https://portal.azure.com/) and search for Storage accounts in the search bar.
- Click Add and then create a storage account with a unique name.
From the Account kind drop-down, select BlobStorage. - Specify the following configuration and click Review + create to create the storage account:
- Secure transfer required: Enabled
- Allow Blob public access: Disabled
- Minimum TLS: 1.2
- Once you create a storage account, create a container with suitable name such as qualys-vm-findings.
Note down the container name. It is required during the integration process.
- Generate the connection string/shared access signature by specifying the relevant details.
- There are two methods to generate a connection string -
- Navigate to the Shared access signature tab under the "Security + Monitoring" section. This method gives more control by allowing you to customize the attributes before generating the string.
Provide the following values -- Allowed services: Blob
- Allowed resource type: Object
- Allowed permissions: Read, Write, and List
- Select start and expiry date and time as per your requirement
- Allowed protocol: Only HTTPS
- Once the values are configured, you can click Generate the SAS and Connection String to obtain the connection string.
Sample Connection StringSample Connection StringBlobEndpoint=https://qualysvulnfindings.blob.core.windows.net/;
QueueEndpoint=https://qualysvulnfindings.queue.core.
windows.net/;FileEndpoint=https://qualysvulnfindings.
file.core.windows.net/;TableEndpoint=
https://qualysvulnfindings.table.core.windows.net/;
SharedAccessSignature=sv=2024-11-04&ss=bfqt&srt=o&sp=rwdlacupiytfx&se=2025-07-17T17:48:44Z&st=2025-07-17T09:33:44Z&spr=https&sig=
%2BYgVWep2kkQk0Y%2BuT2%2BQdeRpMgqPYXHoaD
6LRaT0Unk%3D - The second method is by navigating to the Access Keys tab under Security + Monitoring. Here, you do not need to customize attributes; you can view and copy the string directly.
Sample Connection String Sample Connection StringDefaultEndpointsProtocol=https;AccountName=
qualysvulnfindings;
AccountKey=gKBLzqiJoAcThsl7IJQ4ANfxs
R8KkD16vJuWBxG+/ULIqPzvEMGPcBnAzkPDJB7L
CyCCkcurog78+ASt1nhKXw==;EndpointSuffix=
core.windows.net
If the connection string expires, generate a new SAS and connection string, and update the same with Qualys. With expired SAS token, Qualys is not able to post the findings.
- Navigate to the Shared access signature tab under the "Security + Monitoring" section. This method gives more control by allowing you to customize the attributes before generating the string.
-
You can also modify Firewalls and virtual networks for enhanced security to allow only Qualys source IP to access the storage account.
The Qualys source IP addresses that you could allow access to the Storage account are listed in the following table:
Platform
IP Address
US POD 1
64.39.96.20
US POD 2
64.39.96.25
US POD 3
64.39.96.27
EU POD 1
64.39.100.20
EU POD 2
154.59.121.40
CA POD
64.39.97.25
India POD
103.216.98.25