Creating a Task to Import Assets from Qualys

This topic explains how to create a routine to import technology assets from Qualys. All technology assets in the Qualys Assets -> Host Assets list can be automatically imported to the organizational structure and kept updated, without the need for a report. When imported, assets created in the organizational structure will be named as follows: [NetBIOS name] [(IP address)]. If no IP address is detected, the name will be based on the NetBIOS name alone. If no NetBIOS name is identified, the name will be based on the DNS name and, failing that, on the IP address. Keep in mind that, for the information to be imported successfully, the API checkbox must first be enabled in the User Role option when editing the users registered on the Qualys website.

Assets imported through this task are identified internally using a Qualys ID, which is kept even if the assets are moved to another perimeter. If an imported asset is copied, however, this internal ID will be lost and the system will treat the copy as a new asset. In this case vulnerabilities will likely not be mapped correctly, as the system will not know which asset they belong to. Note also that this task will import all assets found in the Qualys inventory. If the assets registered in Qualys are the same as those registered in an external directory to be integrated with the system through a second integration task, we recommend that only assets from Qualys be imported to the organizational structure. Otherwise, they will be duplicated in the system.

You can filter the assets to be imported by IP ranges or by groups of assets registered in the Qualys database. If no filters are set, this task will import all the assets found in the Qualys database. If vulnerability reports are available for assets that are being imported, some additional information included in these reports will also be imported, such as asset components, the DNS name and the NetBIOS name.
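To preview which hosts an IP-range filter would let through and what names they would receive under the naming rule above, the following added example (not part of the product or of Qualys) applies both rules to a constructed inventory. The XML element names, the start-end range syntax, the choice to give DNS-named assets no IP suffix, and the exclusion of hosts without an IP when a filter is set are all assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample inventory; element names are assumptions for illustration,
# not a documented Qualys or Risk Manager schema.
SAMPLE_XML = """
<HOST_LIST>
  <HOST><ID>101</ID><IP>10.0.0.5</IP><DNS>web01.example.test</DNS><NETBIOS>WEB01</NETBIOS></HOST>
  <HOST><ID>102</ID><IP>10.0.0.9</IP><DNS>db01.example.test</DNS></HOST>
  <HOST><ID>103</ID><IP>10.0.1.20</IP></HOST>
  <HOST><ID>104</ID><NETBIOS>LAPTOP7</NETBIOS></HOST>
  <HOST><ID>105</ID><IP>192.168.1.4</IP><NETBIOS>PRN01</NETBIOS></HOST>
</HOST_LIST>
"""

def asset_name(netbios, dns, ip):
    """Naming precedence from the page: NetBIOS (+IP), then DNS, then IP."""
    if netbios:
        return f"{netbios} ({ip})" if ip else netbios
    # Assumption: a DNS-named asset carries no IP suffix.
    return dns or ip

def in_ranges(ip, ranges):
    """True if ip falls in any 'start-end' range; no ranges means no filter."""
    if not ranges:
        return True
    if not ip:
        return False  # assumption: a host without an IP cannot match an IP filter
    addr = ipaddress.ip_address(ip)
    for r in ranges:
        start, _, end = r.partition("-")
        low = ipaddress.ip_address(start.strip())
        high = ipaddress.ip_address((end or start).strip())
        if low <= addr <= high:
            return True
    return False

def preview_import(xml_text, ranges=()):
    """Return {qualys_id: asset_name} for hosts that pass the filter."""
    result = {}
    for host in ET.fromstring(xml_text).iter("HOST"):
        get = lambda tag: (host.findtext(tag) or "").strip() or None
        ip = get("IP")
        if in_ranges(ip, ranges):
            result[get("ID")] = asset_name(get("NETBIOS"), get("DNS"), ip)
    return result
```

Keying the result by the host ID mirrors the point made earlier that the Qualys ID, not the display name, is what identifies an imported asset.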

Should you choose to update properties of assets already imported, the information from Qualys will overwrite any changes made to these assets, including deletions. Note that the configurations for custom asset attributes marked as required in the Objects and Attributes section of this module will be ignored in the XML file and therefore might be left blank. In addition, imported assets deleted in the system will be recreated the next time the task is executed. Only properties of assets already imported will be updated, regardless of whether another asset was created with similar properties in the system. In addition, assets can only be deleted in the system. Any assets deleted in the Qualys database will not be deleted from Modulo Risk Manager after the integration task is run again.

You can choose to either keep all assets created automatically through this integration task in a single perimeter of your choice, or to have assets created in a new perimeter with each import routine. This perimeter will be named as follows: Imported from Qualys Scanner [date + time imported]. Perimeters will only be created if there are new assets to be imported.

In addition to importing assets themselves, you can also choose to create asset components for the operating systems of these assets. Qualys reports which operating system it detects in each of the assets it scans. Asset components are created by mapping the names of these operating systems detected by scanners with CPE names associated with knowledge bases.

If this routine is set to run daily, for example, we recommend that it be executed before any other routines for importing vulnerabilities from Qualys. This will ensure that all assets have been registered in the organizational structure before vulnerability reports are imported. Otherwise, new reports will have to be generated in Qualys. Keep in mind that only assets from reports generated within the last 30 days will be considered (customizable in the web.config).