Documentation Index

Fetch the complete documentation index at: https://help.nucleussec.com/llms.txt

Use this file to discover all available pages before exploring further.

Qualys Connector Best Practices

  • 1 minute(s) read
Prev Next

Agentless Tracking

Team Nucleus recommends using Qualys agentless tracking for all of your scans. This allows you to track an asset through hostname changes, IP changes, and bad DNS setups. Additionally, Qualys will sometimes change the way they display an asset (DNS vs non-DNS) out of the same scan or report, so agentless tracking eliminates duplicate asset buildup.

In Nucleus, this makes asset management simpler as Qualys does not report consistently and also will make your risk metrics, host history tracking, and risk profile more accurate.

Nucleus looks for Qualys Host IDs by default on import of a scan, so this will take effect as soon as you import scans with agentless tracking enabled.

For more information about Qualys Agentless Tracking, refer to this Qualys support document.

In order for Agentless tracking to be enabled, the following must occur in Qualys.

  • Agentless tracking enabled by admin
  • Scan must be an authenticated scan
  • Scan must have the checkbox for the dissolvable agent in order to use agentless tracking in that scan

Technical Report Template Configuration

The Qualys connector will automatically generate a Technical Report Template configured to work with Nucleus. When setting up the Qualys connector, you can enable several optional features depending on the needs of your Qualys application:

Option Description
Import Groups With this option checked, Nucleus will import each Qualys tag as a root level asset group. Since Qualys tags can be very numerous, we recommend not checking this option, and instead, using an asset processing rule to replicate your Qualys tags as a sub-group.
Import Groups From WAS With this option checked, Nucleus will import each Qualys Web Application Scanning (WAS) tag as a root level asset group. Since Qualys tags can be very numerous, we recommend not checking this option, and instead, using an asset processing rule to replicate your Qualys tags as a sub-group.
Delete Report After Ingest After a report is imported, it will delete the report that was generated (WAS) or imported (VM). We recommend enabling this option, as reports can use a high amount of disk space and deleting them after ingest can prevent storage issues.
Use XML Requests Import the data using XML format. Use if setting false positives in Qualys and you still need that functionality. Be aware that Qualys may deprecate this API call in the future, preventing this option from functioning.