Qualys VMDR Integration
Overview
Qualys Vulnerability Management, Detection, and Response provides continuous vulnerability assessment. KYRA MDR collects Qualys findings via the API for vulnerability management and risk-based alerting.
Prerequisites
- A KYRA MDR Collector installed and running
- Qualys subscription with VMDR module
- API credentials
- Qualys API URL for your platform
Configuration
Configure Qualys API integration:
- Obtain API access credentials from your Qualys administrator
- Identify your Qualys API URL (e.g.,
https://qualysapi.qualys.com) - Configure the KYRA MDR collector:
sources: - type: qualys api_url: https://qualysapi.qualys.com username: <api-username> password: <api-password> poll_interval: 3600s- Restart the collector service
Collected Log Types
| Log Type | Description | Security Use |
|---|---|---|
| Host Detections | Vulnerability detections per host | Risk assessment |
| QIDs | Qualys vulnerability identifiers | Vulnerability tracking |
| Compliance | Policy compliance status | Compliance monitoring |
| Asset Inventory | Discovered assets and attributes | Asset management |
| Patch Availability | Available patches for findings | Remediation planning |
| Threat Indicators | Active exploit and malware flags | Threat prioritization |
Troubleshooting
API authentication failed: Use the correct platform URL for your region (qualysapi.qualys.com, qualysapi.qg2.apps.qualys.com, qualysapi.qualys.eu).
No detection data: Ensure vulnerability scans have been completed.
Rate limiting: Qualys enforces concurrent session limits. Set poll interval to at least 3600 seconds.
Contact kyra@seekerslab.com for support.