Skip to main content
Skip table of contents

Qualys Cloud Agent

LAST UPDATED: JAN 22, 2025

Overview

The Qualys Cloud Agent integration enables the management of Cloud Agents, activation keys, and configuration profiles for the agents.

D3 SOAR is providing REST operations to function with Qualys Cloud Agent.

Qualys Cloud Agent is available for use in:

D3 SOAR

V16.8.0+

Category

Vulnerability Management

Deployment Options

Option II, Option IV

Connection

To connect to Qualys Cloud Agent from D3 SOAR, follow this part to collect the required information below:

Parameter

Description

Example

Qualys API Server URL

The Server URL of the Qualys API Server.

https://qualysapi.*****

Username

The username used to log in to the Qualys platform.

*****

Password

The password used to log in to the Qualys platform.

*****

API Version

The API version.

2.0

Permission Requirements

Each endpoint in the Qualys Cloud Agent API requires a certain permission scope. The following are the minimum scopes required for the commands in this integration:

Command

Minimum Required Scopes

Launch On Demand Scans

Cloud Agent > CA Agent Permissions > Launch On-Demand Scan

Search Cloud Agents

Cloud Agent > CA Module Access Permissions > CA API Access Permissions for subusers

Test Connection

Cloud Agent > CA Module Access Permissions > CA API Access Permissions for subusers

As Qualys Cloud Agent is using role-based access control (RBAC), the command permissions are inherited from the user account’s assigned role. Users need to configure their permission scopes from the Qualys Cloud Agent console for each command in this integration.

Configuring Qualys Cloud Agent to Work with D3 SOAR

Retrieving the Qualys API Server URL

  1. Log in to Qualys Cloud Platform.

  2. Click on the Help button in the top-right corner, then click on the About option.

  3. Locate the Scanner Appliances > Security Operations Center (SOC) section, then copy the endpoint containing "api" (without the leading dash).

  4. Paste the endpoint into a text editor, then add "https://" at the beginning of the endpoint to create the Qualys API Server URL.

Refer to step 3i sub-step 1 in Configuring D3 SOAR to Work with Qualys Cloud Agent. For detailed information, refer to URL to Qualys API Server | Qualys Docs.

Configuring the Permission Scopes

This section is only applicable for users with Manager roles.

  1. Open the expandable menu, then click the Administration module.

    Group 15.png
  2. Navigate to the Roles tab, then click on the New Role button.

    Group 16.png
  3. Enter a name for the role, then click on the Continue button.

    Group 17.png
  4. Select the API Access checkbox and, optionally, the UI Access checkbox to grant access to the Qualys Cloud Platform application UI.

    Group 18.png
  5. Select the Cloud Agent module.

    Group 19.png
  6. Click on the Change link to refine the permission scopes for the role.

    Group 20.png
  7. Refine the scopes.

    Group 21.png
    1. Check the required scopes.
      By default, all scopes within the module are selected. To restrict this role to specific scopes, clear all checkboxes and select only the necessary scopes.

    2. Click on the Continue button.

  8. Click on the Finish button to add the role.

    Group 22.png
  9. Select the down arrow next to the name of the newly created role and choose the Add To Users option.

    Group 23.png
  10. Select the users to add, then click on the Save button.

    Group 24.png
  11. Navigate to the Users tab, then double-click into the user whose permissions need to be configured.

    Group 25.png
  12. Select the Roles And Scopes tab, then click on the Edit button.

    Group 26.png
  13. Add the Cloud Agent scope tag.

    Group 27.png
    1. Click on the Select option.

    2. Search for and select the Cloud Agent tag.

    3. Click on the Save button.

For further information or troubleshooting, refer to Assign Role to Users | TotalCloud Online Help.

Configuring D3 SOAR to Work with Qualys Cloud Agent

  1. Log in to D3 SOAR.

  2. Find the Qualys Cloud Agent integration.

    1. Navigate to Configuration on the top header menu.

    2. Click on the Integration icon on the left sidebar.

    3. Type Qualys Cloud Agent in the search box to find the integration, then click it to select it.

    4. Click on the + Connection button on the right side of the Connections section. A new connection window will appear.

  3. Configure the following fields to create a connection to Qualys Cloud Agent.

    1. Connection Name: The desired name for the connection.

    2. Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.

    3. Recipient site for events from connections Shared to Internal Sites: This field is displayed when Share to Internal Sites is selected for the Site field, allowing selection of the internal site for deploying the integration connection.

    4. Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.

    5. Description (Optional): Add a description for the connection.

    6. Active: Check the checkbox to ensure the connection is available for use.

    7. Configure User Permissions: Defines which users have access to the connection.

    8. System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.

      1. Input the Qualys API Server URL. Refer to step 4 in Configuring Qualys Cloud Agent to Work with D3 SOAR.

      2. Input the Username used to log in to Qualys.

      3. Input the Password used to log in to Qualys.

      4. Input the API Version. The default value is 2.0.

    9. Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Refer to the password vault connection guide if needed.

    10. Connection Health Check: Updates the connection status you have created. A connection health check is done by scheduling the Test Connection command of this integration. This can only be done when the connection is active.

      To set up a connection health check, check the Connection Health Check tick box. You can customize the interval (minutes) for scheduling the health check. An email notification can be set up after a specified number of failed connection attempts.

  4. Test the connection.

    1. Click on the Test Connection button to verify credentials and connectivity. A success alert displays Passed with a green checkmark. If the connection fails, review the parameters and retry.

    2. Click OK to close the alert window.

    3. Click + Add to create and add the configured connection.

Commands

Qualys Cloud Agent includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command function, users can execute these commands independently for playbook troubleshooting.

Integration API Note

For more information about the Qualys Cloud Agent API, refer to the Qualys Cloud Agent API reference.

Note for Time-related parameters

The input format of time-related parameters may vary based on user account settings, which may cause the sample data in commands to differ from what is displayed. To adjust the time format, follow these steps:

  1. Navigate to Configuration > Application Settings. Select Date/Time Format.

  2. Choose the desired date and time format, then click on the Save button.

After that, users will be able to view their preferred time format when configuring the DateTime input parameters for commands.

Launch On Demand Scans

Launches on-demand scans for the specified assets where Cloud Agents are installed.

READER NOTE

Cloud Agent IDs is a required parameter to run this command.

  • Run the Search Cloud Agents command to obtain the Cloud Agent IDs. Cloud Agent IDs can be found in the raw data at the path $.ServiceResponse.data.HostAsset[*].id.

Input

Input Parameter

Required/Optional

Description

Example

Cloud Agent IDs

Required

The IDs of the assets for which to launch on-demand scans. Cloud Agent IDs can be obtained using the Search Cloud Agents command.

JSON
[ "*****" ]

Scan Type

Optional

The type of on-demand scans to be launched. Available options are:

  • Inventory Scan

  • Vulnerability Scan

  • Policy Compliance Scan

  • UDC Scan

  • SCA Scan

  • SWCA Scan

By default, the value is set to Inventory Scan.

Vulnerability Scan

Override CPU Throttle Limits

Optional

Whether to override CPU throttle limits for the on-demand scan. True overrides the configuration profile limits, while False uses the configured values.

By default, the value is set to False.

False

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Launch On Demand Scans failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Qualys Cloud Agent portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Authentication failed.

Error Sample Data

Launch On Demand Scans failed.

Status Code: 401.

Message: Authentication failed.

Search Cloud Agents

Searches for Cloud Agents in the user's account.

Input

Input Parameter

Required/Optional

Description

Example

Last Checked In Time From

Optional

Returns Cloud Agents that last checked in after the specified time (in UTC).

By default, the value is the time when the agent was installed.

12/29/2024 09:00 AM

Last Checked In Time To

Optional

Returns Cloud Agents that last checked in before the specified time (in UTC).

To retrieve all agents that have not checked in within the last N days, set this parameter to the cut-off time without specifying a value for the Last Checked In Time From parameter.

By default, the value is the current time.

01/02/2025 08:00 PM

Host Name

Optional

Filters Cloud Agents using a full or partial host name. Host names are case-sensitive.

*****

OS

Optional

Filters Cloud Agents based on the full or partial operating system name. Operating system names are case-sensitive.

Windows

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Search Cloud Agents failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Qualys Cloud Agent portal. Refer to the HTTP Status Code Registry for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Last Checked In Time From parameter should not be bigger than Last Checked In Time To parameter.

Error Sample Data

Search Cloud Agents failed.

Status Code: 400.

Message: Last Checked In Time From parameter should not be bigger than Last Checked In Time To parameter.

Test Connection

Allows users to perform a health check on an integration connection. Users can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.

Input

N/A

Output

Output Type

Description

Return Data Type

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

More details about an error can be viewed in the Error tab.

String

Error Handling

If the Return Data displays Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Test Connection failed. Failed to check the connector.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Qualys Cloud Agent portal. Refer to the HTTP Status Code Registry for details.

Status Code: 401.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Authentication failed.

Error Sample Data

Test Connection failed. Failed to check the connector.

Status Code: 401.

Message: Authentication failed.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.