Qualys Integrations

Unlock the full potential of the Enterprise TruRisk Platform with seamless native integrations. Elevate your risk management with Qualys connectors to bridge the gap between IT and Security and fine-tune TruRisk Scoring.

Explore them Now

All risk factors from your environment, consolidated into one platform.

No Code Required.

Measure

Enhance your risk measurement by assimilating crucial risk factors from diverse IT/Security tools across your ecosystem. Analyze non-Qualys data, such as asset criticality and end-of-service, ensuring a comprehensive understanding of TruRisk.

Communicate

Consolidate risk insights, bringing together data from an array of sources. Fine-tune your TruRisk Scoring and effectively communicate business risk to all stakeholders. Deliver a holistic risk narrative to align and engage stakeholders.

Eliminate

Take decisive actions against critical risks by integrating with your preferred ITSM, ticket management, or reporting tools. Drive a proactive and synchronized approach to risk mitigation by unifying IT and security workflows within and beyond the Enterprise TruRisk Platform.

Connect to the Enterprise TruRisk Platform

QUALYS APPLICATIONS:

CATEGORIES:

PLATFORM:

RISK SOURCE:

WIZ

Type

Risk Source

Qualys ETM with Wiz enhances risk management with cloud-native security, automation, and TruRisk™ insights.

Read more

Qualys Applications supported

ETM

Microsoft Defender for Endpoint

Type

Risk Source

Qualys ETM with Mircrosoft Defender for Endpoint provides enhanced risk visibility, AI protection, automation & more.

Read more

Qualys Applications supported

ETM

Generic CSV

Type

Risk Source

Qualys ETM's Generic CSV Connector simplifies data ingestion, boosting TruRisk™-driven risk management.

Read more

Qualys Applications supported

ETM

Amazon Inspector

Type

Risk Source

Qualys ETM with Amazon Inspector improves cloud risk management with TruRisk™, automation, and insights.

Read more

Qualys Applications supported

ETM

Qualys Technology Add-On for Splunk Enterprise

Type

SIEM

The IntSights integration with Qualys combines IntSights Vulnerability Risk Analyzer™ with Qualys Cloud Platform for complete visibility into assets and prioritized vulnerabilities across the enterprise. Security teams get relevant risk-scored CVEs enriched with external threat intelligence, revolutionizing the vulnerability patch management process. This robust integration enables joint customers to instantly sync vulnerabilities from Qualys and prioritize CVE patching based on risk severity.

Read more

Qualys Applications supported

VM

PC

WAS

CS

FIM

EDR

SEM

Qualys VM for IBM QRadar

Type

SIEM

If you have a Qualys subscription and API access, you can use the Qualys VM app to ingest your Qualys VM detections into QRadar and visualize them on a single page. Install the app, configure, and schedule the sync. The Qualys App will continue pulling your detection delta, so you will always see updated reports.Want to visualize historical data? Just use date-time pickers given in the Qualys App and see useful reports.

Read more

Qualys Applications supported

VM

Qualys Web App Scanning Connector for Azure DevOps

Type

CI/CD

The Azure DevOps extension helps integrate the Azure Pipelines CI/CD tool with the Qualys Web Application Scanning (WAS) Module. This extension will empower DevOps teams to build application vulnerability scans into their existing Azure pipeline tasks. By integrating scans in this manner, application security testing is accomplished earlier in the SDLC to catch and eliminate security flaws. The extension can be configured to fail or pass the builds based on the vulnerabilities detected. The extension will also generate a report for the scan in the build. The current version of the extension will only support the cloud-based Azure DevOps Setup.

Read more

Qualys Applications supported

WAS

Qualys CMDB Sync

Type

Inventory

The Qualys CMDB Sync App for Configuration Management Database (CMDB) automatically synchronizes comprehensive information about your global IT resources that Qualys Asset Inventory continuously monitors. This leverages Qualys’ highly distributed and scalable cloud platform and various data collection tools including Qualys’ groundbreaking Cloud Agents, to compile and continually update a full inventory of your IT assets everywhere- on-premises, in elastic clouds, and mobile endpoints.

Read more

Qualys Applications supported

CSAM

Qualys IaC Security for Atlassian Bitbucket

Type

CI/CD

Qualys IaC Bitbucket pipeline script scans the Infrastructure-as-Code templates from your Bitbucket repository using Qualys CloudView (Cloud Security Assessment). It checks for security issues using the Qualys Cloud Infrastructure as Code scans and displays the failed checks as pipeline annotations.

Read more

Qualys Applications supported

TC/IaC Security

Qualys Container Scanning Connector for Azure DevOps

Type

CI/CD

The Azure DevOps extension helps integrate the Azure Pipelines CI/CD tool with the Qualys Container Security (CS) Module. Currently, this extension, along with the CS Sensor, helps to get the security posture for the OCI-compliant container images built via the tool. The extension can be configured to fail or pass the container image builds based on the vulnerabilities detected. The extension will also generate a report for the container image in the build.

Read more

Qualys Applications supported

CS

Qualys CMDB sync Service Graph Connector

Type

Inventory

The Qualys CMDB Sync Service Graph Connector for Configuration Management Database (CMDB) automatically synchronizes comprehensive information about your global IT resources that Qualys Asset Inventory continuously monitors. This leverages Qualys’ highly distributed and scalable cloud platform, and various data collection tools, including Qualys’ groundbreaking Cloud Agents to compile and continually update a full inventory of your IT assets everywhere - on-premises, in elastic clouds, and mobile endpoints.

Read more

Qualys Applications supported

CSAM

Qualys Web App Scanning Connector for Jenkins

Type

CI/CD

The Qualys Web App Scanning Connector empowers DevOps teams to build application vulnerability scans into their existing CI/CD processes. By integrating scans in this manner, application security testing is accomplished earlier in the SDLC to catch and eliminate security flaws.

Read more

Qualys Applications supported

WAS

Qualys FIM for IBM QRadar

Type

SIEM

Suppose you have a Qualys subscription and API access. In that case, you can use the Qualys App for QRadar to ingest your Qualys FIM Events, Ignored Events, and Incidents into QRadar and visualize them on a single page.All you need to do is install the app, configure the app, and schedule the sync. The Qualys FIM App will continuously pull your event delta. Want to visualize historical data? Use date-time pickers in the QRadar's Activity log or application Dashboard to check the useful information.

Read more

Qualys Applications supported

FIM

Vulnerability Response Integration with Qualys WAS

Type

Ticketing

With Vulnerability Response Integration with Qualys WAS, Qualys leverages the WAS APIs to integrate with ServiceNow. Use this integration to get a single glass pane view of all your web application scans in ServiceNow that helps you prioritize and remediate application vulnerabilities

Read more

Qualys Applications supported

WAS

Qualys Core App

Type

Ticketing

With Vulnerability Response Integration with Qualys WAS, Qualys leverages the WAS APIs to integrate with ServiceNow. Use this integration to get a single glass pane view of all your web application scans in ServiceNow that helps you prioritize and remediate application vulnerabilities

Read more

Qualys Applications supported

VM

FIM

PC

Qualys Container Scanning Connector for Jenkins

Type

CI/CD

The Qualys Container Scanning Connector for Jenkins empowers DevOps to assess container images in their existing CI/CD processes with the help of Qualys Container Security(CS) module. Integrating this assessment step will help you catch and eliminate container images related flaws. This plugin supports pipeline as well as freestyle projects.

Read more

Qualys Applications supported

CS

Qualys VMDR for ITSM

Type

ITSM

Qualys VMDR helps organizations to automate the process of vulnerability management. It provides the ability to create ServiceNow tasks based on vulnerability findings from Qualys VMDR, assign tasks to appropriate assignment groups, and automatically close the tasks once the vulnerabilities are remediated.

Read more

Qualys Applications supported

VM

Qualys IaC Security for Azure DevOps

Type

CI/CD

The Qualys IaC Security empowers DevOps teams to build Infrastructure as Code (IaC) scans into their existing CI/CD processes. By integrating scans in this manner, infrastructure-as-code security is accomplished earlier in the SDLC to catch and eliminate misconfigurations in your cloud. The extension can be configured to fail or pass the builds based on the misconfigurations detected.

Read more

Qualys Applications supported

TC/IaC Security

Qualys Host Scanning Connector for Jenkins

Type

CI/CD

The Qualys Host Scanning Connector empowers DevOps teams to automate the VM scanning of host and EC2 cloud instances from Jenkins. By integrating scans this way, Host or Cloud instance security testing is accomplished to discover and eliminate security flaws.

Read more

Qualys Applications supported

VM

Qualys Container Scanning Connector for Atlassian Bamboo

Type

CI/CD

Qualys Container Security provides discovery, tracking, and continuous protection for container environments. This addresses vulnerability management for images and containers in their DevOps pipeline and deployments across cloud & on-premise environments. Atlassian Bamboo users can integrate with Qualys Container Security to get the vulnerability analysis of images in the build environment. You need to buy a Qualys subscription to deploy and use the plugin. Install the Container Sensor on the Build host (nodes) where the images are being created. The sensor performs a vulnerability analysis of the images configured in the connector. The Bamboo connector provides a detailed list of the vulnerabilities directly within the connector. You can optionally access your Qualys subscription to view the full report.

Read more

Qualys Applications supported

CS

Qualys Policy Compliance Scanning Connector for Jenkins

Type

CI/CD

The Qualys Policy Compliance Scanning Connector empowers DevOps to automate the PC scanning of host or cloud instances from Jenkins. By integrating scans in this manner, Host or cloud instance security testing is accomplished to discover and eliminate policy compliance-related flaws.

Read more

Qualys Applications supported

PC

Qualys Connector for Atlassian Jira

Type

Ticketing

Qualys integration with Jira helps organizations automate vulnerability remediation workflows by providing real-time visibility into vulnerability status and streamlining IT & Security operations to reduce the time for remediation. This integration helps you to bring vulnerability context in Jira and to streamline the overall vulnerability tracking process along with the owners. The best part is that we support both Cloud and on-premises Jira instances.

Read more

Qualys Applications supported

VM

WAS

CS

Qualys Web App Scanning Connector for Atlassian Bamboo

Type

CI/CD

With a valid Qualys WAS account, you can configure the plugin to fail the build if certain criteria are met, such as the presence of specific QIDs or a severity 5 vulnerability. Scan results can be viewed directly in Bamboo, and a link to the full scan report in the Qualys UI is also provided. The plugin supports all Qualys shared platforms and customers using a private cloud platform (PCP)

Read more

Qualys Applications supported

WAS

Qualys Cloud Agent for VMware Tanzu

Type

PaaS

With Qualys Cloud Agent deployed in your VMs, you can receive continuous network security updates through the cloud.

Read more

Qualys Applications supported

CA

Qualys IaC Security CLI

Type

CI/CD

The Qualys IaC app provides quick & reliable way to assess your Infrastructure-as-a-Code templates and uncover potential vulnerable situations. The QIaC provides you with an interface to interact with Qualys IaC module in a simple way.

Read more

Qualys Applications supported

TC/IaC Security

Qualys WAS Burp Extension

Type

CI/CD

The Qualys WAS Burp extension provides a way to easily push Burp scanner findings to the Web Application Scanning (WAS) module within the Qualys Cloud Platform. As a Qualys WAS customer, you can view and report Burp issues alongside WAS findings for a complete picture of your web application's security posture.

Read more

Qualys Applications supported

WAS

AD Connector

Type

Inventory

Security teams must account for all Active Directory-managed assets, but they often rely only on IP scans and spreadsheets to inventory these assets. This creates coverage gaps and blind spots, leaving assets unmanaged in their VM program. Active Directory also contains device data critical to security posture, but organizations struggle to extract the data in a form that can be operationalized.That’s why Qualys CyberSecurity Asset Management (CSAM) has introduced the Microsoft Active Directory connector. In addition to powerful native discovery methods, CSAM has added the ability to discover all Active Directory-managed assets and specific business context stored in AD. This allows security teams to uncover blind spots in their attack surface and enrich managed assets with critical business context. It also bridges the IT security gap, aligning teams with consistent and accurate asset data in AD and VMDR. By reducing the coverage gap in VMDR and other security programs, organizations accelerate risk-based vulnerability prioritization with critical business context.

Read more

Qualys Applications supported

CSAM

BMC Helix Connector

Type

Inventory

The Qualys BMC Helix CMDB Connector automatically synchronizes comprehensive information about your global IT resources for Qualys Asset Inventory to monitor continuously. The BMC Helix Connector leverages Qualys' highly distributed and scalable cloud platform and various data 'collection tools, including Qualys Cloud Agents, to compile and continually maintain a complete inventory of your IT assets. The connector offers two-way synchronization, allowing you to discover Qualys assets in your BMC Helix environment.

Read more

Qualys Applications supported

CSAM

Add Third-Party Risk Factors to TruRisk Today

"With the Qualys CMDB Sync into the Service Graph Connector, customers can further simplify asset life cycle management while improving their security posture."

- Jeff Hausman, VP and General Manager of IT Ops, Security, and CMDB, ServiceNow

Try it Now

With the Qualys CMDB Sync into the Service Graph Connector, customers can further simplify asset life cycle management while improving their security posture.

Jeff Hausman

P and General Manager of IT Ops, Security, and CMDB

We use Qualys as a way to paint a picture of security and feed it to our executives.

Chris Lalonde

Senior Manager, Information Security, eBay

As soon as we introduced Qualys’ APIs into the environment, we cut the time to less than 24 hours.

Emmanuel Enaohwo

Senior Manager for Vulnerability / Configuration Management, Capital One

Qualys has allowed us to gain visibility to vulnerabilities that we’ve never had access to, especially since our workforce is typically mobile and at client sites.

Gregston Chu

Senior Manager, Deloitte
More Success Stories