Prerequisites
Below is the guide to creating a service user for Vanta; the same guide appears in the first step of the connection modal on the Vanta Integrations page. Visit this link for a video walkthrough of the service account creation process.
You'll need a dedicated email address for this service account.
Go to the Qualys VMDR tool.
You can find your app URL on this page.
Go to the USERS tab in the menu at the top, as shown in the video.
Click on the New button and the User option.
Fill in the General Information form with the following values unless indicated otherwise:
First Name: Vanta
Last Name: Integration
Title: - (hyphen)
Phone: - (hyphen)
Address 1: - (hyphen)
Country: United States of America
Email Address: Enter the dedicated email address for the service account.
State: California
In the Locale section:
Language: English
Date Format: ISO Format (yyyy-mm-dd)
Time Zone: (GMT -08:00) United States, California (Pacific Standard Time)
In the User Role section:
User Role: Reader
Allow Access to: Check both API and GUI options.
Business Unit: Select the business unit you want to be monitored.
In the Notifications section, set everything to None, off, or No notification, depending on available options.
Save your new user.
Check the inbox of the dedicated email address for incoming emails from Qualys, follow their instructions, and return to this page once you've received a password.
Procedure
Once you've created your service account in Qualys, enter its credentials in the last section of Step 1 in the connection flow.
Click Next, and you should now be able to select your region.
Use this Guide to determine your Platform Identifier.
Once you've selected your region, you will see Qualys as a connected integration, and your accounts will be pulled in on the Access page.
Tests and controls for Qualys
Vanta automates 10 tests
Critical vulnerabilities identified in packages are addressed (Qualys Container Security)
Critical vulnerabilities identified in packages are addressed (Qualys VMDR)
High vulnerabilities identified in packages are addressed (Qualys Container Security)
High vulnerabilities identified in packages are addressed (Qualys VMDR)
Low vulnerabilities identified in packages are addressed (Qualys Container Security)
Low vulnerabilities identified in packages are addressed (Qualys VMDR)
Medium vulnerabilities identified in packages are addressed (Qualys Container Security)
Medium vulnerabilities identified in packages are addressed (Qualys VMDR)
Qualys accounts associated with users
Qualys accounts deprovisioned when personnel leave
Vanta helps pass 14 controls
Access control
Access established, reviewed, and modified
Access reviews conducted
Access revoked upon termination
Access rights
CUI systems are protected during HR changes such as termination or transfer
Comprehensive Access Management In Place
Identity and Credential Management
Identity management
Logical Access - Account De-Activation
System access is restricted to authorized Access only
Terminated user access removed
Termination procedures established
Users, processes, and devices are authenticated before Access is granted