Post-Configuration Operations at Qualys
This section describes what happens after configuration.
Once you configure and enable the Host Detection input, the application bundled with this extension starts fetching your VM detection data. By default, it pulls 10 hosts at a time. The value is deliberately small so that the application can process your data without hitting the memory limit governed by QRadar.
The first run might take some time, depending on your scan volume. After that, subsequent pulls are incremental, fetching only new or changed data.
QRadar Data Processing
This section describes how data gets into QRadar.
Whenever cron runs a job (based on the cron schedule you defined), the job makes an outbound API call to Qualys, transforms the XML response it receives into LEEF format, and sends it to QRadar over a socket, using the TCP port configured in the QualysMultiline Log Source. Using the DSM editor and the QualysLEEF Log Source Type provided with this extension, QRadar then puts this data into the events table in the Ariel database.
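The transform step described above, as an added example (not the Qualys application's own code): it turns a constructed host detection XML response into LEEF 1.0 lines and collapses tabs and newlines in values so that scan output cannot add fields or split an event. The LEEF header values, the attribute names, and the `clean`, `to_leef` and `send` helpers are assumptions.

```python
import socket
import xml.etree.ElementTree as ET

# Constructed sample shaped like a host detection response (not real data).
SAMPLE_XML = """<HOST_LIST_VM_DETECTION_OUTPUT><RESPONSE><HOST_LIST>
<HOST><ID>1001</ID><IP>10.0.0.5</IP><DETECTION_LIST>
<DETECTION><QID>12345</QID><TYPE>Confirmed</TYPE><SEVERITY>4</SEVERITY>
<STATUS>Active</STATUS><RESULTS>banner line 1
line 2\tsev=1</RESULTS></DETECTION>
</DETECTION_LIST></HOST>
</HOST_LIST></RESPONSE></HOST_LIST_VM_DETECTION_OUTPUT>"""

# Assumed vendor|product|version|eventID values for the LEEF 1.0 header.
LEEF_HEADER = "LEEF:1.0|Qualys|VM|1.0|HOST_DETECTION|"

def clean(value):
    """Collapse tab/CR/LF runs so a value cannot add fields or split the event."""
    return " ".join((value or "").split())

def to_leef(xml_text):
    """Return one tab-delimited LEEF 1.0 line per detection in the response."""
    lines = []
    for host in ET.fromstring(xml_text).iter("HOST"):
        base = {"hostId": host.findtext("ID"), "src": host.findtext("IP")}
        for det in host.iter("DETECTION"):
            # Attribute names other than src and sev are assumed custom keys.
            fields = dict(base, qid=det.findtext("QID"), type=det.findtext("TYPE"),
                          sev=det.findtext("SEVERITY"), status=det.findtext("STATUS"),
                          results=det.findtext("RESULTS"))
            attrs = "\t".join(f"{k}={clean(v)}" for k, v in fields.items())
            lines.append(LEEF_HEADER + attrs)
    return lines

def send(lines, host, port):
    """Write newline-framed events to the log source's TCP listener."""
    with socket.create_connection((host, port), timeout=10) as sock:
        sock.sendall(("\n".join(lines) + "\n").encode("utf-8"))

if __name__ == "__main__":
    for line in to_leef(SAMPLE_XML):
        print(line)
```

The embedded `sev=1` in the sample scan result stays inside the `results` value because the tab in front of it is replaced before the line is built.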
Overview Operations
Use the following tabs to get an overview of the VM QRadar operations:
- View Summary.
- View Knowledgebase.
- View Reports.
- Search Vulnerabilities.
- View Raw data.
- View detection Input logs.