This article describes how to configure the platform to import Web Application Reports from Qualys WAS. The details below describe how the platform can automatically retrieve reports from Qualys WAS.

Introduction

The Platform’s API support for Qualys WAS allows web application scan results to be retrieved based on Web Application Reports.

When Qualys WAS reports have been created in Qualys WAS, the platform can use the Qualys API to enumerate these reports and retrieve their underlying XML data.

Reports from Qualys WAS must be in XML format and of type “Web Application Report”.

Configuring Auto Import in Platform

When editing a Project in the Platform, the Project’s Service Type must be set to “Managed Vulnerability Scanning” and the “Auto Import” feature must be enabled in the project’s settings. In doing so, an “Auto Importer” section appears where auto imports can be defined:

image-20240821-145556.png

WAS Reports in Qualys are identified by the Platform using their Report Name. This is necessary so that the Platform can periodically connect to the Qualys API, enumerate WAS Reports (of type Web Application Report) and retrieve the relevant report with a partially or fully matching name:

image-20240821-145832.png

In the Platform, an Auto Import rule must be defined where the “Scan Identifier” field contains a value that partially or fully matches the Report Name from Qualys WAS.

In the example below, note that the “Scan Identifier” field is set to the name of the report taken from Qualys WAS.

WARNING: If multiple reports exist in Qualys WAS, use a Report Name naming scheme that ensures only the intended Qualys WAS report is identified and retrieved by the Platform. If the “Scan Identifier” value in the Platform matches more than one Qualys WAS report, the Platform will be prevented from importing the correct results, and results from other web application scans may be accidentally imported.

In the example below, the full Report Name taken from Qualys WAS has been used.

image-20240821-150021.png
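The ambiguity described in the warning above can be checked before an Auto Import rule is saved; the Python sketch below is an added example, not code from the Platform or from Qualys, and it classifies a candidate “Scan Identifier” against a list of report names. The listing is constructed, and the element names, the type and format values, and case-insensitive substring matching are all assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed report listing. Element names and the type/format values are
# assumptions for illustration, not captured Qualys API output.
SAMPLE_LISTING = """\
<ServiceResponse><data>
  <Report><id>101</id><name>ACME Portal</name><type>WAS_WEBAPP_REPORT</type><format>XML</format></Report>
  <Report><id>102</id><name>ACME Portal - Staging</name><type>WAS_WEBAPP_REPORT</type><format>XML</format></Report>
  <Report><id>103</id><name>ACME Shop 2024-08</name><type>WAS_WEBAPP_REPORT</type><format>XML</format></Report>
  <Report><id>104</id><name>ACME Shop 2024-08</name><type>WAS_SCAN_REPORT</type><format>XML</format></Report>
  <Report><id>105</id><name>ACME Intranet</name><type>WAS_WEBAPP_REPORT</type><format>PDF</format></Report>
</data></ServiceResponse>
"""

WEBAPP_TYPE = "WAS_WEBAPP_REPORT"  # assumed label for "Web Application Report"


def eligible_reports(listing_xml):
    """Names of reports the importer could retrieve: XML format, Web Application Report type."""
    root = ET.fromstring(listing_xml)
    return [
        (rep.findtext("name") or "").strip()
        for rep in root.iter("Report")
        if rep.findtext("type") == WEBAPP_TYPE and rep.findtext("format") == "XML"
    ]


def check_scan_identifier(scan_identifier, report_names):
    """Return (status, matches); status is 'unique', 'ambiguous', 'no-match' or 'invalid'."""
    needle = scan_identifier.strip().lower()
    if not needle:
        return "invalid", []  # an empty identifier would match every report
    # Assumption: partial matching is a case-insensitive substring test.
    matches = [name for name in report_names if needle in name.lower()]
    if len(matches) == 1:
        return "unique", matches
    return ("ambiguous" if matches else "no-match"), matches


if __name__ == "__main__":
    names = eligible_reports(SAMPLE_LISTING)
    for candidate in ("ACME Portal", "ACME Portal - Staging", "ACME Shop", "ACME Intranet"):
        print(candidate, "->", check_scan_identifier(candidate, names))
```

Under these assumptions, even a full Report Name such as “ACME Portal” is ambiguous when it is contained in another report's name, which is why the naming scheme matters as much as the identifier.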

When all necessary fields have been populated in the “Manage Project Scanner” window, click Submit to commit the auto import settings to the project.

Please ensure you then click “Save” in the project’s settings to commit the settings to the platform properly:

image-20240821-150331.png

Once saved, the platform will periodically query the Qualys VM API and identify new WAS reports that match the given criteria defined in the Project’s Auto Importer settings.
