Qualys

Improve the efficiency of your vulnerability management and maximize your budget by instantly importing known issues found in your Qualys WAS scans into Crowdcontrol. Automatically importing these known issues will leverage Crowdcontrol's triage engine to seamlessly identify any incoming duplicate submissions from Bugcrowd researchers.

Setting up Qualys Integration in Crowdcontrol

You can integrate Qualys with Crowdcontrol.

Qualys WAS Data Import: Crowdcontrol checks for new Qualys WAS scan data every hour and imports any new scan data.

  1. Go to your program’s Settings tab and then click Integrations.

  2. Click Add Integrations for Qualys.

    The Authorization page is displayed, where you can authorize Crowdcontrol to access your Qualys account.

  3. Provide the following information:

    • Name: Enter the name of the integration that must be displayed in Qualys.

    • API Location: Select the API endpoint where your Qualys instance runs. When selecting the correct API location, first identify your Qualys WAS login URL. For example, https://qualysguard.qg2.apps.qualys.com. Once identified, your API location will be the same as your Qualys account login except that instead of qualysguard, the API location will be qualysapi. Therefore, for the preceding login URL, the corresponding API location is https://qualysapi.qg2.apps.qualys.com.

    • Username: The username of the Qualys WAS account you will be using to connect
    • Password: The password of the Qualys WAS account you will be using to connect
  4. Click Test Authorization to confirm Qualys is properly integrated with Crowdcontrol. Once confirmed, click Save and Connect.

  5. Click Web Application Configuration on the left pane.

  6. Configure the Web Application Scans you want to import into Crowdcontrol by toggling each web scan to the right. A green toggle indicates that the web application scan has been successfully configured. Import one or multiple scans by toggling each web scan.

  7. Enable Qualys integration by moving the Integration Status toggle to the right.
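
The API Location rule from step 3, as an added example that is not part of the Bugcrowd or Qualys documentation: it derives the API location from a login URL and rejects anything that is not an HTTPS Qualys login host, since the account password is sent to whatever endpoint is chosen. The function name and the `ALLOWED_SUFFIXES` list are assumptions; the list holds only the parent domains that appear in URLs on this page.

```python
from urllib.parse import urlsplit

# Assumption: parent domains taken from the two Qualys URLs on this page.
# Extend the tuple to match the platform your subscription is hosted on.
ALLOWED_SUFFIXES = (".qualys.com", ".qualys.in")


def api_location(login_url: str) -> str:
    """Derive the Qualys API location from a Qualys WAS login URL.

    Applies the rule from the text: same host as the login URL, with the
    leading `qualysguard` label replaced by `qualysapi`.
    """
    parts = urlsplit(login_url.strip())
    if parts.scheme != "https":
        raise ValueError("login URL must use https")
    # A URL such as https://qualysguard...@other.host/ would point elsewhere.
    if parts.username or parts.password or parts.port:
        raise ValueError("login URL must not carry credentials or a port")
    host = (parts.hostname or "").lower()
    first, _, rest = host.partition(".")
    if first != "qualysguard" or not rest:
        raise ValueError(f"not a Qualys login host: {host!r}")
    # Match on a leading dot so lookalike parents do not pass the check.
    if not ("." + rest).endswith(ALLOWED_SUFFIXES):
        raise ValueError(f"unexpected parent domain: {rest!r}")
    # Path, query and fragment of the login URL are dropped on purpose.
    return f"https://qualysapi.{rest}"


if __name__ == "__main__":
    print(api_location("https://qualysguard.qg2.apps.qualys.com"))
```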

Qualys WAS Vulnerabilities in Crowdcontrol

Identify Qualys Submission

Qualys submissions are automatically imported in the Unresolved status. These submissions can be identified by the Qualys logo shield.

Qualys Submissions Auto-Resolved

When a Qualys submission is identified and fixed in a scan, Crowdcontrol automatically moves the submission from the Unresolved state to the Resolved state.

Submission Inbox

You can identify Qualys submissions in the submission inbox by the Qualys logo shield located below the submission’s priority. To filter your inbox to show only Qualys submissions, use the Source filter.

Submission Inbox Filters: The submission inbox provides customizable filtering. For more information, see submission filtering.

Managing Bugcrowd Vulnerabilities Within WAS Account

For information about managing Bugcrowd-found vulnerabilities within a Qualys WAS account, see <https://qualysguard.qg1.apps.qualys.in/portal-front/module/was/#tab=was-web-applications.datalist-webapps/>.
