Qualys Prerequisites
The requirements to fulfill from your Qualys account configurations to start with the Jira Connector.
Roles and Permissions for Available APIs
Ensure you have a valid Qualys subscription with API access enabled for Host Detection, Knowledgebase, WAS finding APIs and Container Security APIs.
Refer below to find the API URLs for Knowledgebase, Host Detection, WAS Findings and Container Security with their required roles and permissions.
/api/2.0/fo/knowledge_base/vuln/?action=list
|
Role |
Permissions |
|---|---|
|
Manager, Unit Manager, Scanner, Reader |
Download vulnerability data from the KnowledgeBase. |
|
Auditor |
No permission to download vulnerability data from the KnowledgeBase. |
Host DetectionsHost Detections
/api/2.0/fo/asset/host/vm/detection/
|
Role |
Permissions |
|---|---|
|
Managers |
View all VM scanned hosts in subscription |
|
Unit Managers |
View VM scanned hosts in the user’s assigned business unit. |
|
Scanners and Readers |
View VM scanned hosts in the user’s account. |
|
Auditors |
Have no permission to view VM scanned hosts. |
- This API is available to Express Lite users.
- API only returns information for hosts that are assigned to each user through asset groups in VM/VMDR.
Refer to Qualys API (VM, PC) User Guide for more.
WAS Findings
/qps/rest/3.0/search/was/finding
Permissions required
User account must enable WAS module with the permission -
Access Permission “API Access”.
Refer to Qualys API (WAS) User Guide for more.
Container Security
Permissions required
- The user must have the Container Security module enabled.
- The user must have CS API Access permission.
- The user must have role-based access permission for the action being taken.
Refer to Qualys Container Security API User Guide for more