Enable Azure Storage Blob Integration

The first step towards integration is enabling Azure Storage Blob integration. To enable the Azure Storage Blob integration, you need to provide a name and connection string in the API request body. The connection string can be obtained from the Azure Blob storage container that you have created. You can specify other optional parameters (base category, minimum severity, and so on.) as per your requirement.

Once you create the integration, the response provides a unique integration identifier (id) for the Azure Storage Blob integration.

POST /partner-integration/azure/storage-blob/vm

Input ParametersInput Parameters

Parameter	Mandatory/ Optional	Data Type	Description
connectionString={value}	Mandatory	String	Provide the connection string assigned to the container in Azure Storage Blob.
minSeverity={value}	Optional	Text	The minimum severity level of the vulnerabilities fetched from Qualys (VM/VMDR app) to be posted on Azure Storage Blob. By default, it is configured to severity level 3 and above. For example, if you set the value to 1, all findings with severity levels 1 to 5 are fetched and available on Azure Storage Blob.
baseCategory={IG\|Potential\| Confirmed}	Optional	Text	The category of the vulnerabilities fetched from Qualys (VM/VMDR app) is to be posted on Azure Storage Blob. The valid values are IG, Confirmed, and Potential. By default, it is configured to Confirmed. In this case, only confirmed vulnerabilities are included. If you configure the baseCategory as Potential, both Potential and Confirmed vulnerabilities are included. If you configure the baseCategory as IG, all three categories are included.
name={value}	Mandatory	Text	Provide a unique name for the integration in the API request. The maximum length allowed for a name is 50 characters.
resultSectionNeeded={true\|false}	Optional	Boolean	Set this to true to include the result section in the findings. By default, the resultSectionNeeded parameter is set to false.
sendVulnInfo={true\|false}	Optional	Boolean	Set this to true if you need the vulnerability information. By default, the sendVulnInfo parameter is set to false.
compressData={true\|false}	Optional	Boolean	Set this to true to compress the data in the response. Batch and compressed data saved on disk and network IO. The compressData parameter is configured to true by default.
containerName={value}	Optional	Text	Provide the container’s name, which was created under Azure Storage Blob account for this integration. You can find the vulnerability findings and vulnerability information in this container. If you do not provide container name, we use ‘qualys-vm-findings’ by default. In such case, ensure that container with name ‘qualys-vm-findings’ is created under Azure Storage Blob.
filterQuery	Optional	Query	Filter vulnerabilities and assets using the supported tokens.

Filter Query Tokens

The Qualys Query Language is used to build search queries and fetch information from the Qualys database. You can pick the tokens from our repository and build your own query to find the relevant information.

For example, the below query fetches assessments of a specified qid, discovers ignored vulnerabilities, and searches from the specified range of dates.
‎"vuln" : "qId: 11547 ignored: true AND lastUpdate: [2023-07-06 .. 2023-07-07]"

The below query fetches information of a specified asset id within the provided IP range.
‎"asset" : "assetUuid: `151334c4-3811-40b5-ba92-cfd0064eb9f4` AND ip: (1.1.1.1 .. 5.5.5.5)"

To learn more about building search queries, refer to Qualys Query Language (QQL).

The 'Now' keyword is not currently supported for QQL. Building search queries with it is not produce any results.

The tokens listed below can be used to create the filterQuery for vulnerabilities and assets.

Vulnerability Filter Tokens

Vulnerability filter tokens and their data type are given in the following table :

Token	Data Type
qid	LONG
port	LONG
ignored	BOOLEAN
Disabled	BOOLEAN
filterQuery	Optional
ssl	BOOLEAN
protocol	STRING
timesFound	LONG
status	STRING
firstFound	STRING
lastUpdate	STRING
lastProcessed	STRING
lastReopened	STRING
lastFixed	STRING
lastFound	STRING
lastTest	STRING

Asset Filter Tokens

Asset filter tokens and their data type are given in the following table :

Token	Data Type
assetId	LONG
assetUuid	STRING
hostId	LONG
netBios	STRING
dns	STRING
ip	STRING
os	STRING
trackingMethod	STRING

SampleSample

API Request

"curl""Content-Type:application/json""<qualys_gateway_url>/partner-integration/azure/storage-blob/vm""--data""@integration.json""-H""Authorization: Bearer <token>"

“integration.json” contains the request POST data.

Request POST Data (integration.json)

{
   "connectionString":"BlobEndpoint=https://user_john.blob.core.windows.net/;SharedAccessSignature=sv=2019-12-12&ss=b&srt=co&sp=rwx&se=2020-09-04T22:36:36Z&st=2020-09-04T14:36:36Z&spr=https&sig=key%ckd%3D",
   "minSeverity":4,
   "baseCategory":"Potential",
   "name":"Integration name",
   "resultSectionNeeded":true,
   "sendVulnInfo":true,
   "compressData":true,
   "containerName":"qualys-vm-findings"
}

Output

{
   "integrationId":526
}