Prerequisites
For the Qualys Integration with Google Cloud Security Command Center, the following options must be enabled for your Qualys subscription.
Active Qualys Subscription
You must first have an active Qualys subscription to leverage the Qualys data collection, evaluation, and reporting capabilities for your GCP VM instances. For more details, contact Qualys Support or sign up for a free trial.
Qualys Applications
- You must have the Qualys Vulnerability Management (VM/VMDR) and Qualys Cloud Agent modules enabled in your subscription.
- Cloud Agents must be installed on your GCP VM instances. For more information, see Deploying Qualys Cloud Agent from Google Cloud Console.
- As an alternative to Cloud Agent, you can add Virtual Scanner Appliances and configure them for your GCP instances. The GCP VM instances must be able to reach the Qualys Enterprise TruRisk™ Platform over HTTPS (port 443). You also need a scanner personalization code (14 digits), which is used to deploy the Virtual Scanner Appliance. You must generate a new personalization code for every new Virtual Scanner Appliance. For more information, see Deploying Virtual Scanner Appliance in Google Compute Engine (GCP).
Roles
- You must have the Manager or the Unit Manager role in your Qualys subscription.
- You must have the following Cloud Identity and Access Management (Cloud IAM) roles to set up Security Command Center in the Google Cloud console:
  - Organization Admin (roles/resourcemanager.organizationAdmin)
  - Security Center Admin (roles/securitycenter.admin)
  - Security Center Settings Admin (roles/securitycenter.settingsAdmin)
  - Security Admin (roles/iam.securityAdmin)
  - Service Account Creator (roles/iam.serviceAccountCreator)
To learn more, see Security Command Center roles.
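One way to confirm the Cloud IAM roles above before starting setup, as an added example (not Qualys or Google code): it reads an organization IAM policy exported with `gcloud organizations get-iam-policy ORGANIZATION_ID --format=json` and reports which of the five roles a member holds directly, holds only under a condition, or lacks. It assumes the roles are bound at the organization level; the function name, sample policy and member addresses are constructed for illustration.

```python
import json
import sys

# The five Cloud IAM roles this page lists for setting up Security Command Center.
REQUIRED_ROLES = {
    "roles/resourcemanager.organizationAdmin",
    "roles/securitycenter.admin",
    "roles/securitycenter.settingsAdmin",
    "roles/iam.securityAdmin",
    "roles/iam.serviceAccountCreator",
}

def check_roles(policy, member):
    """Sort the required roles into granted / conditional / missing for one member.

    Only direct bindings in this policy are examined; roles that reach the
    member through a group are not resolved here.
    """
    member = member.lower()
    granted, conditional = set(), set()
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        members = {m.lower() for m in binding.get("members", [])}
        if role not in REQUIRED_ROLES or member not in members:
            continue
        # A binding with a condition only applies while its expression holds.
        (conditional if binding.get("condition") else granted).add(role)
    conditional -= granted
    return {
        "granted": sorted(granted),
        "conditional": sorted(conditional),
        "missing": sorted(REQUIRED_ROLES - granted - conditional),
    }

# Constructed sample policy (not real data), shaped like get-iam-policy JSON output.
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/resourcemanager.organizationAdmin", "members": ["user:alice@example.com"]},
    {"role": "roles/securitycenter.admin", "members": ["user:Alice@example.com", "user:bob@example.com"]},
    {"role": "roles/iam.securityAdmin", "members": ["user:alice@example.com"],
     "condition": {"title": "expires", "expression": 'request.time < timestamp("2030-01-01T00:00:00Z")'}},
    {"role": "roles/securitycenter.settingsAdmin", "members": ["group:sec-admins@example.com"]},
]}

if __name__ == "__main__":
    # Usage: python check_roles.py policy.json user:you@example.com
    policy = json.load(open(sys.argv[1])) if len(sys.argv) > 2 else SAMPLE_POLICY
    member = sys.argv[2] if len(sys.argv) > 2 else "user:alice@example.com"
    print(json.dumps(check_roles(policy, member), indent=2))
```

A role reported as conditional or missing may still be effective through a group binding, as with the constructed `group:sec-admins@example.com` entry, so check group membership before requesting a new grant.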
Google Cloud Security Command Center (SCC)
Security Command Center must be enabled for your organization. For more details, see Quickstarts for Security Command Center.
Security Command Center API
You must enable the Security Command Center APIs for the selected project. To learn more, see Enable and disable Google APIs.
GCP Metadata
The following cloud provider metadata is provided by Qualys Cloud Agent and Qualys Virtual Scanner Appliance.
Metadata provided by Qualys Cloud Agent
General:
- Instance ID
- Host Name
- Machine Type
- Zone
- Project Number
- Project ID
Network:
- Private IP Address
- MAC Address
- VPC Network
- Public IP Address
- Network Interfaces
Metadata provided by Qualys Virtual Scanner Appliance
QID-45465 Google Cloud Platform (GCP) Linux Instance Metadata:
- CPU-platform
- Description
- Hostname
- ID
- Image
- Machine-type
- Maintenance-event
- Name
- Tags
- Zone
Read more about Dynamic Tagging by Using GCP Metadata.