Pre-requisites

Install Docker compose.
A valid Qualys subscription with API access enabled for Host Detection, KnowledgeBase, and WAS finding APIs.
Minimum available disk space of 20GB.
Minimum RAM of 8GB.

Roles and Permissions for Available APIs

Refer below to find the API URLs for Knowledgebase, Host Detection and WAS Finding with their required roles and permissions.

/api/2.0/fo/knowledge_base/vuln/?action=list

Role	Permissions
Manager, Unit Manager, Scanner, Reader	Download vulnerability data from the KnowledgeBase.
Auditor	No permission to download vulnerability data from the KnowledgeBase.

/api/2.0/fo/asset/host/vm/detection/

Role	Permissions
Managers	View all VM scanned hosts in subscription
Unit Managers	View VM scanned hosts in the user’s assigned business unit.
Scanners and Readers	View VM scanned hosts in the user’s account.
Auditors	Have no permission to view VM scanned hosts.

This API is available to Express Lite users.
API only returns information for hosts that are assigned to each user through asset groups in VM/VMDR.

WAS Findings

/qps/rest/3.0/search/was/finding

Permissions required

User account must enable WAS module with the permission -

Access Permission “API Access”.