# Qualys With a Qualys integration license, you can configure OneSite Patch to collect vulnerability metadata from your Qualys Cloud Agent tool. For a full list of imported values from Qualys Cloud Agent, please see the [Qualys values](#qualys-values) section below. ## Add Qualys license key To enable Qualys integration, you will need either a *OneSite Patch Enterprise for Qualys* key, or a *Qualys add-on for OneSite Patch* key. For more information about acquiring these keys, please reach out to your Sales manager. You can add and view your license keys in the Adaptiva Admin Portal. Please see [License your Adaptiva solution](https://docs.adaptiva.com/platform-guide/license-solution#add-a-license) page for more details. ## Prerequisites ### Username and password from Qualys account Your region can be determined from your usernames. * If you're unsure of your region, please see Qualys' [Username format](https://www.qualys.com/platform-identification/) page. * Example: adaptiva\_ab1 * Users will be required to have API permissions enabled. ![](https://2503798551-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7VJNM00p5XQ4pMWqCu8y%2Fuploads%2Fgit-blob-a56a1cfbe780303d3b4faa48391d677acb4f4871%2Fuser-role.png?alt=media) For more information on how to setup your Qualys Cloud Agent, please visit the following pages or contact Qualys support: * [Cloud Agent Getting Started Guide](https://docs.qualys.com/en/ca/getting-started-guide/get_started/get_started.htm) * [Download and install the Qualys Cloud Agent](https://docs.qualys.com/en/csam/latest/inventory/sensors/cloud_agent.htm) ### API Host URL Qualys hosted platforms are specified by region or privately hosted platforms by valid API host URIs. * For a full list of valid API host URIs please visit Qualys' [API URLs](https://www.qualys.com/platform-identification/) page. * Your URI should always begin with `https://qualysapi`. The remainder of the URL must also be well-formed without any query parameters (e.g. ?action=list), path (e.g. /qualys/path/), or fragment (e.g. #page1). * Example: `https://qualysapi.qualys.com` ## Configure Qualys access in the Adaptiva Admin Portal Follow the steps below of how to connect Qualys access in the Adaptiva Admin Portal. 1. Log in to the **Adaptiva Admin Portal**. 2. Select **OneSite Patch** from the Admin Portal. 3. Select **Qualys** from the left side bar navigation. ![](https://2503798551-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7VJNM00p5XQ4pMWqCu8y%2Fuploads%2Fgit-blob-4e5b1509cba81b155e2245706c7cb93832d72ce1%2Fqualys-side-bar-nav.png?alt=media) 4. Enter in the following into the **Qualys Access Settings**: ![](https://2503798551-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7VJNM00p5XQ4pMWqCu8y%2Fuploads%2Fgit-blob-280dda9e32e86ff9d0deba5bad31284f6ee00107%2Fqualys-access-settings.png?alt=media) * **API Host URL** - Enter your API Host URL. See [Prerequisites](#prerequisites) section above. * **Username and Password** - Enter your Qualys Username and Password. See [Prerequisites](#prerequisites) section above. * **Vulnerability Data Reset Schedule** - Must be set to at least 8-hour intervals or more. 5. Click **Save**. ## Custom Qualys Bots When Qualys is integrated into OneSite Patch, you will see Qualys specific bots from the Bots pane. The values above are imported and shared to these bots. ![](https://2503798551-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7VJNM00p5XQ4pMWqCu8y%2Fuploads%2Fgit-blob-76998d8a3db937c0f9f44f75eeac2f8caff82dbf%2Fbots.png?alt=media) ## Metadata properties | Property | Description | | ---------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Qualys.ActiveAttacks | True if a given vulnerability is being actively attacked in the wild. | | Qualys.CisaKnownExploitedVulns | True if a given vulnerability is listed in CISA's Known Exploited Vulnerabilities (KEV) Catalog. | | Qualys.ConfirmedVulnerability | True if a given vulnerability has the type "Confirmed". The remaining type options are "Potential" or "Info". | | Qualys.DenialOfService | True if a given vulnerability has the ability to overload or crash a compromised system, causing temporary or even permanent unavailability. | | Qualys.EasyExploit | True if a given vulnerability can be exploited with few skills and little overall cybersecurity knowledge. | | Qualys.ExploitKit | True if a given vulnerability has an associated exploit kit available. | | Qualys.ExploitPublic | True if a given vulnerability is well known, and code that exploits the vulnerability is publicly available. | | Qualys.HighDataLoss | True if a given vulnerability, when exploited, can result in a high amount of data lost. | | Qualys.HighLateralMovement | True if a given vulnerability, when exploited, allows an attacker to propagate that attack over a broader network such as the corp-net of the vulnerable system. | | Qualys.Malware | True if a given vulnerability is associated with a malware infection | | Qualys.MaxCvssScore | The maximum Common Vulnerability Scoring System (CVSS) score of a vulnerability. A decimal value with one digit after the decimal place, between 0.0 and 10.0, indicating the severity of a given vulnerability with 10.0 being the most severe. Unlike QDS, which is determined by Qualys' own formulation, the CVSS score is determined by an industry-shared scoring system, which is then taken into account to determine the QDS score. Similar to the QDS score, if the QIDs associated with one vulnerability report different CVSS scores, then only the highest value is considered here. If a CVSS score is not retrieved when querying Qualys servers, the value 0.0 is assumed. | | Qualys.MaxEpssScore | A decimal value between 0.0 and 1.0, indicating the likelihood of the specified vulnerability being exploited in the next 30 days. Similar to the QDS and CVSS scores, if the QIDs associated with one vulnerability report different EPSS scores, then only the highest value is considered here. If an EPSS score is not retrieved when querying Qualys servers, the value 0.0 is assumed. | | Qualys.MaxQdsScore | The maximum Qualys Detection Score (QDS) of a vulnerability. A number between 1 and 100 describing the severity of a given vulnerability as reported by Qualys, with 100 being the most severe. A vulnerability (packaged as a CVE) may appear in multiple QIDs fetched from a Qualys server, so if the QIDs associated with that vulnerability contain different QDS scores, then only the highest value is considered here. | | Qualys.NoPatch | True if a given vulnerability does not have a fix from the vendor. | | Qualys.PredictedHighRisk | True if a given vulnerability was predicted by the Qualys Machine Learning model to be high risk based on a variety of input sources. | | Qualys.PrivilegeEscalation | True if a given vulnerability allows an attacker to gain elevated privileges upon exploiting the vulnerability. | | Qualys.Ransomware | True if a given vulnerability is associated with known ransomware. | | Qualys.RemoteCodeExecution | True if a given vulnerability, when exploited, can allow an attacker to run an arbitrary set of commands or code on the targeted system. | | Qualys.SeverityLevel | One of {"Low", "Medium", "High", "Critical"}. This value comes from the max QDS score for a given vulnerability, where QDS range 1-39 maps to "Low", 40-69 to "Medium", 70-89 to "High", and 90-100 to "Critical". | | Qualys.SolorigateSunburst | True if a given vulnerability is associated with the supply-chain backdoor, known as Solorigate/SUNBURST, introduced to SolarWinds Orion via a compromised software update mechanism. | | Qualys.UnauthenticatedExploitation | True if a given vulnerability does not require authentication to exploit. | | Qualys.Wormable | True if a given vulnerability can be used in worms, allowing it to be spread without user interaction. | | Qualys.ZeroDay | True if a given vulnerability has no vendor patch available despite an active attack in the wild |