Connect Qualys to Vanta

Prerequisites 

The guide below walks through creating a service user for Vanta. The same guide appears in the first step of the connection modal on the Vanta Integrations page. Visit this link for a video walkthrough of the service account creation process.

You'll need a dedicated email address for this service account.

  1. Go to the Qualys VMDR tool.

    You can find your app URL on this page.

  2. Go to the USERS tab in the menu at the top, as shown in the video.
  3. Click the New button and choose the User option.
  4. Fill in the general information form with the following values unless indicated otherwise:

    First Name: Vanta

    Last Name: Integration

    Title: - (hyphen)

    Phone: - (hyphen)

    Address 1: - (hyphen)

    Country: United States of America

    Email Address: Enter the dedicated email address for the service account.

    State: California

  5. In the Locale section:

    Language: English

    Date Format: ISO Format (yyyy-mm-dd)

    Time Zone: (GMT -08:00) United States, California (Pacific Standard Time)

  6. In the User Role section:

    User Role: Reader

    Allow Access to: Check both API and GUI options.

    Business Unit: Select the business unit you want to be monitored.

  7. In the Notifications section, set everything to None, off, or No notification, depending on available options.

  8. Save your new user.
  9. Check the email address inbox for incoming emails from Qualys, follow their instructions, and return to this page once you've received a password.

Procedure

Once you've created your service account in Qualys, enter its credentials in the last section of Step 1 in the connection flow.

  • Click Next, and you should now be able to select your region.
  • Use this guide to determine your Platform Identifier.

  • Once selected, you will see Qualys as a connected integration.
  • You will also see your accounts pulled in on the Access page.

Tests and controls for Qualys

Vanta automates 10 tests

  • Critical vulnerabilities identified in packages are addressed (Qualys Container Security)
  • Critical vulnerabilities identified in packages are addressed (Qualys VMDR)
  • High vulnerabilities identified in packages are addressed (Qualys Container Security)
  • High vulnerabilities identified in packages are addressed (Qualys VMDR)
  • Low vulnerabilities identified in packages are addressed (Qualys Container Security)
  • Low vulnerabilities identified in packages are addressed (Qualys VMDR)
  • Medium vulnerabilities identified in packages are addressed (Qualys Container Security)
  • Medium vulnerabilities identified in packages are addressed (Qualys VMDR)
  • Qualys accounts associated with users
  • Qualys accounts deprovisioned when personnel leave

Vanta helps pass 14 controls

  • Access control
  • Access established, reviewed, and modified
  • Access reviews conducted
  • Access revoked upon termination
  • Access rights
  • CUI systems are protected during HR changes such as termination or transfer
  • Comprehensive Access Management In Place
  • Identity and Credential Management
  • Identity management
  • Logical Access - Account De-Activation
  • System access is restricted to authorized Access only
  • Terminated user access removed
  • Termination procedures established
  • Users, processes, and devices are authenticated before Access is granted
