
This article describes how to configure the platform to import Scan Reports or Web Application Reports from Qualys WAS. The details below describe how the platform can automatically retrieve reports from Qualys WAS.

Introduction

The Platform’s API support for Qualys WAS allows web application scan results to be retrieved based on either a Scan Report or Web Application Report.

When Qualys WAS reports have been created in Qualys WAS, the platform can use the Qualys API to enumerate these reports and retrieve their underlying XML data.

Reports from Qualys WAS must be in XML format and of type “Scan Report” or “Web Application Report”.

Requirements for Reports in Qualys WAS

Please refer to the following article, which describes the types of reports supported by the Platform:

Supported XML Formats from Qualys VM & WAS

Configuring Auto Import in Platform

During the creation of a new Project, the “Auto Import” feature must be enabled in the project’s settings. Enabling this feature presents the “Auto Importer” section where auto imports can be defined:

image-20240821-145556.png

WAS Reports in Qualys are identified by the Platform using their Report Name. This is necessary so that the Platform can periodically connect to the Qualys API, enumerate WAS Reports (either of type Scan Report or Web Application Report) and retrieve the relevant report with a partially or fully matching name:

image-20240821-145832.png

In the Platform, an Auto Import rule must be defined where the “Scan Identifier” field contains a value that partially or fully matches the Report Name from Qualys WAS.

In the example below, note that the “Scan Identifier” field is set to the name of the report taken from Qualys WAS.

WARNING: If multiple reports exist in Qualys WAS, use a suitable Report Name naming scheme that ensures only the intended Qualys WAS report is identified and retrieved by the Platform. If the “Scan Identifier” value in the Platform matches more than one Qualys WAS report, this will prevent the platform from importing the correct results, and may result in results from other web application scans being accidentally imported.

In the example below, the full Report Name taken from Qualys WAS has been used.

image-20240821-150021.png

When all necessary fields have been populated in the “Manage Project Scanner” window, click Submit to commit the auto import settings to the project.

Please ensure you then click “Save” in the project’s settings to commit the settings to the platform properly:

image-20240821-150331.png

Once saved, the platform will periodically query the Qualys VM API and identify new WAS reports that match the given criteria defined in the Project’s Auto Importer settings.
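The naming-scheme warning above can be checked before Auto Import rules are saved. The following is an added example, not part of the Platform or its documentation: it assumes the partial match is a case-sensitive substring comparison, and the report names, project names and function names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: Report Names as they might be listed in Qualys WAS.
REPORT_NAMES = [
    "ACME-Shop-Prod Scan Report",
    "ACME-Shop-Prod-Admin Scan Report",
    "ACME-Shop-Staging Web Application Report",
    "ACME-Billing-Prod Scan Report",
]
# Constructed Auto Import rules: project name -> "Scan Identifier" value.
RULES = {
    "Shop (prod)": "ACME-Shop-Prod",
    "Shop admin": "ACME-Shop-Prod-Admin Scan Report",
    "Billing": "ACME-Billing-Prod Scan Report",
    "Legacy": "ACME-Legacy",
}

@dataclass
class Finding:
    project: str
    identifier: str
    matches: list
    status: str  # "ok", "ambiguous" or "no-match"

def matching_reports(identifier, report_names, case_sensitive=True):
    """Assumed matching model: the identifier is a substring of the Report Name."""
    fold = (lambda s: s) if case_sensitive else str.lower
    return [n for n in report_names if fold(identifier) in fold(n)]

def audit(rules, report_names, case_sensitive=True):
    """Classify each rule by how many Report Names its identifier selects."""
    findings = []
    for project, identifier in rules.items():
        hits = matching_reports(identifier, report_names, case_sensitive)
        status = "ok" if len(hits) == 1 else ("ambiguous" if hits else "no-match")
        findings.append(Finding(project, identifier, hits, status))
    return findings

def shared_reports(findings):
    """Reports selected by more than one rule: results could land in the wrong project."""
    owners = {}
    for f in findings:
        for name in f.matches:
            owners.setdefault(name, []).append(f.project)
    return {name: projects for name, projects in owners.items() if len(projects) > 1}

if __name__ == "__main__":
    for f in audit(RULES, REPORT_NAMES):
        print(f.status, f.project, f.matches)
```

Here the short identifier for "Shop (prod)" also selects the admin report, which is the situation the warning describes; using the full Report Name resolves it.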
