Below is the guide to creating a service user for Vanta; this guide also exists in the first step of the connection modal on the Vanta Integrations Page. Visit this link for a Video Walkthrough of the service account creation process.
You'll need a dedicated email for this service account.
Go to the Qualys VMDR tool.
You can find your app URL on this page.
Go to the USERS tab in the menu at the top, as shown in the video.
Click on the New button and the User option.
Fill the general information form with the following unless indicated otherwise:
- First Name: Vanta
- Last Name: Integration
- Title: - (hyphen)
- Phone: - (hyphen)
- Address 1: - (hyphen)
- Country: United States of America
- Email Address: Enter the dedicated email address for the service account.
In the Locale section:
- Date Format: ISO Format (yyyy-mm-dd)
- Time Zone: (GMT -08:00) United States, California (Pacific Standard Time)
In the User Role section:
- User Role: Reader
- Allow Access to: Check both API and GUI options.
- Business Unit: Select the business unit you want to be monitored.
In the Notifications section, set everything to None, off, or No notification, depending on the options available.
Save your new user.
Check the inbox of the dedicated email address for incoming emails from Qualys, follow the instructions they provide, and return to this page once you've been provided with a password.
Once you've created your service account in Qualys, enter its credentials in the last section of Step 1 in the connection flow.
- Click Next and you should now be able to select your region.
- Use this Guide to determine your Platform Identifier.
- Once selected, you should be good to go! You'll now see Qualys as a connected integration.
- You'll also see your accounts pulled in on the Access page.
Tests and controls for Qualys
Vanta automates 2 tests
- Qualys accounts associated with users
- Qualys accounts are de-provisioned when employees leave
Vanta helps pass 14 controls
- Access control
- Access established, reviewed, and modified
- Access reviews conducted
- Access revoked upon termination
- Access rights
- CUI systems are protected during HR changes such as termination or transfer
- Comprehensive Access Management In Place
- Identity and Credential Management
- Identity management
- Logical Access - Account De-Activation
- System access is restricted to authorized Access only
- Terminated user access removed
- Termination procedures established
- Users, processes, and devices are authenticated before Access is granted