Qualys

Improve the efficiency of your vulnerability management and maximize your budget by instantly importing known issues found on your Qualys WAS scans into Crowdcontrol. Automatically importing these known issues will leverage Crowdcontrol's triage engine to seamless identify any incoming duplicate submissions from Bugcrowd researchers.

Follow the steps below to integrate Qualys with Crowdcontrol.

Qualys WAS Data Import: Crowdcontrol will check for new Qualys WAS scan data to import every hour and import new scan data.

1. Go to your program Settings and then go to the Integrations tab

integration-tab

2. Click the Add Integrations button for Qualys

add_integration

3. Enter a Name for the Integration

On the Qualys integration settings, enter in the integration name. This name will display in Qualys.

authorization

4. Select the API Location

Then select the correct API Location to configure your Qualys WAS. When selecting the correct API location, first identify your Qualys WAS login URL. For example, https://qualysguard.qg2.apps.qualys.com. Once identified, your API location will be the same as your Qualys account login except you instead of qualysguard the API location will be qualysapi. So for the login URL example above, the corresponding API location would be https://qualysapi.qg2.apps.qualys.com.

api-location

5. Enter Username and Password

Enter your Qualys WAS username and password. Select the blue Test Authorization button to confirm Qualys has been properly integrated to Crowdcontrol. Once confirmed, select the Save and Connect button.

username-password

6. Select the Web Application Configuration Tab

Next, select the Web Application Configuration tab on the left-hand side.

web-app-config

7. Configure Web Application Scans

Configure the web application scans you would like to import into Crowdcontrol by toggling each web scan to the right. A green toggle notifies the web application scan has been successfully configured. Import one or multiple scans by toggling each one.

web-app-status

8. Enable Integration

Once your Quays web application scans have been configured, ensure the Qualys integration is enabled by moving the Integration Status toggle to the right as seen below.

enable-integration

Qualys WAS Vulnerabilities in Crowdcontrol

Identify Qualys Submission

Imported Qualys submissions will automatically be imported at an “Unresolved” status. These submissions can be identified by the Qualys logo shield as seen in the image below.

identify-qualys-submission

Qualys Submissions Auto-Resolved

When Qualys submission is identified and fixed in a scan, Crowdcontrol will automatically move the submission from an ‘Unresolved’ state to the ‘Resolved’ state as seen below. submissions-auto-resolved

Submission Inbox

You can identify Qualys submissions in the submission inbox by the Qualys logo shield located below the submission’s priority. To filter your inbox to show only Qualys submissions, use the Source filter shown in the image below.

inbox

Submission Inbox Filters: The submission inbox provides customizable filtering. For more information, see submission filtering.


Onboarding
Account Management
Program Management
Reporting
Submission Management
Integration Management