Qualys supports MarkLogic authentication for compliance scans using Qualys apps PC, SCA. Simply create a MarkLogic authentication record with details about your credentials to authenticate to a MarkLogic database instance running on a host, and scan it for compliance.
The Scans > Authentication section is where you can find authentication records saved in your account, including MarkLogic records. Each MarkLogic record identifies account login credentials and targets.
See MarkLogic Record Settings below for help with the settings that appear in the MarkLogic record.
Note: This record type is only available in accounts with PC/SCA and is only supported for compliance scans.
What are the steps?
Follow these steps to create or edit a MarkLogic record:
1) Go to Scans > Authentication.
2) Take one of these actions:
2a - To create a new MarkLogic record, select New > Databases > MarkLogic.
2b - To make changes to an existing MarkLogic record, select a record in the list and choose Edit from the Quick Actions menu.
The New MarkLogic Record or Edit MarkLogic Record window appears (depending on the action taken). This is where you make your record settings.
3) Choose a tab on the left side of the MarkLogic Record window to see the settings available. Provide the necessary inputs on each tab, then click Create (for a new record) or Save (when updating an existing record).
Marklogic Record Settings
See the help below for the settings that appear on each of the tabs within the MarkLogic record.
This section has basic settings for the record.
Title - Give the MarkLogic record a title for easy identification.
Login CredentialsLogin Credentials
This section is where you can provide credentials for the user account to be used for MarkLogic authentication.
Username - Enter the username for the user account to use for authentication.
Password / Confirm Password - Enter the password for the user account. Then, confirm the password.
Require Certificate -If you want to authenticate the MarkLogic instance via certificate and private key, then switch the Require Certificate toggle to YES.
Certificate Content- Enter certificate content if the Require Certificate toggle is switched to YES.
Private Key Content- Enter private key details if the Require Certificate toggle is switched to YES.
Target ConfigurationTarget Configuration
This section has Target Configuration settings for the record.
Port - Enter the port number that the MarkLogic database instance is running on.
SSL Verify - Select this option to verify the server's SSL certificate is valid and trusted.
Hosts- Enter the list of FQDNs if the SSL Verify toggle is switched to YES. You must provide a list of FQDNs for all the host IP addresses on which a custom SSL certificate signed by a trusted root CA is installed.
Unix ConfigurationUnix Configuration
This section has Unix Configuration settings for the record.
Unix Installation Path - Enter the Unix installation path of MarkLogic on your Unix hosts.
Unix Data Path - Enter the Unix data configuration file path of MarkLogic on your Unix hosts.
Windows ConfigurationWindows Configuration
This section has Window Configuration settings for the record.
Window Installation Path - Enter the Windows installation path of MarkLogic on your Unix hosts.
Window data Path - Enter the Windows data configuration file path of MarkLogic on your Unix hosts.
Admin server ConfigurationAdmin server Configuration
This section has Admin Server Configuration settings for the record.
Port - Enter the port number that the MarkLogic database instance is running on.
SSL Verify - Select this option to verify the server's SSL certificate is valid and trusted.
Hosts- Enter the list of FQDNs if the SSL Verify toggle is switched to YES. You must provide a list of FQDNs for all the host IP addresses on which a custom SSL certificate signed by a trusted root CA is installed.
Enter or select the target compliance hosts (IPs) that you want to authenticate to with the credentials provided in this record.
Select IPs/Ranges - Click this link to select IPs/ranges from a list of IPs in your account.
Select Asset Group - Click this link to add IP addresses from asset groups in your account. In the Add IPs from Asset Group window, you can see the groups listed with the IPs included in each group. There is also a search option, so you can quickly find groups in the list. Select one or more groups and click Add. The IPs from the selected groups will be added to the record.
Remove - Click this link to remove IPs/ranges from the record. This is especially useful if you want to remove one or more IPs from within an IP range. In the pop-up that appears, enter the IPs/ranges to remove and click Remove. The IPs section in the record will be updated with the IPs removed.
For example, let's say the record includes the range 10.10.10.10-10.10.10.250. If you remove 10.10.10.122, the IPs field will be updated to 10.10.10.10-10.10.10.121, 10.10.10.123-10.10.10.250.
Clear - Click this link to clear the entire IPs field.
Display each IP/Range on new line - Check this option to arrange each IP address and IP range on a new line instead of the comma-separated list.
Provide important notes or comments for this record.
