Qualys proof types and permissions
Note
Hyperproof connects to many third-party systems that frequently change, including the system interface. Contact your System Administrator or the third-party provider for assistance meeting the requirements to integrate with Hyperproof and collect the proof you need.
When you create a Hypersync between Hyperproof and Qualys, you can automatically collect proof based on the following services:
List of Assets
List of Users
List of VM Scans
List of PC Scans
VM Remediation Tickets
Additional documentation
Note
You only need to connect Hyperproof to the app once, and then you can create as many Hypersyncs as you need. Additionally, you can create multiple Hypersyncs for a single control or label.
Important
If your Qualys instance uses Single Sign-On (SSO), you’ll need your Qualys administrator to create a Qualys service account with SSO disabled. SSO can be disabled on a per-account basis. For more information, refer to this Qualys help article.
Tip
If you don’t know your platform, see the Qualys documentation.
Supported platforms
The Qualys Hypersync supports the following platforms:
|
|
|
For help identifying your platform, see Identify your Qualys platform in the Qualys documentation.
Permissions
The minimum permissions needed for a Qualys user to create a Hypersync are:
Read access to the Manage VM and Manage SCA modules
API Access turned on
Additional setup may be required for the List of Assets proof.
To include Cloud Agent assets in the List of Assets proof create a new Manager User and limit that user's permissions under User Management as follows:
Select Quick Actions > Edit > Roles and Scopes and uncheck the Allow user full permissions and scope option.
Add the following minimum roles: READER, Reporting Reader, Unified Dashboard User, and VM User.
Ensure that the Allow user view access to all objects is checked.
Creating a Qualys user with minimum permissions
Log in to Qualys as an Administrator.
Click the drop-down menu in the upper-left corner.
Scroll to Utilities, and then select Administration.
From the User Management tab, click Create User and then select Create Reader User.
The New Reader User window opens.
Enter all required information.
Important
Do not click the Save button until step 11.
From the left navigation menu, select the User Role tab.
From the User Role drop-down menu, select Reader.
Select the GUI and API checkboxes.
From the left navigation menu, select the Permissions tab.
Select the Manage VM Module and Manage PC Module checkboxes.
Click Save.
Assign hosts to the Reader User using Asset Groups in VMDR and PC:
Navigate to VMDR or PC.
Select the Users tab.
Mouse over the Reader User, click the arrow, and then click Edit.
From the Asset Groups tab, add the appropriate asset group(s).
Click Save.
Refer to the Qualys documentation for help with managing asset groups.
Completing new user setup
You’ll receive an email from Qualys with the subject Qualys Registration—Start Now.
Copy and save the username provided by Qualys.
Click Link to access your password.
Copy the OTP code from the email, paste it, and then click Submit.
Copy and save the password provided by Qualys.
Click the URL to log in to Qualys.
Confirm the user’s information, and then click Save.
After clicking Save, you’ll be prompted to change the user’s password.
Removing GUI access for a new user
Log in to Qualys as an Administrator.
Click the drop-down menu in the upper-left corner.
Scroll to Utilities, and then select Administration.
Mouse over the user, click the drop-down arrow, and then select Edit Basic Details.
The Edit User window opens.
From the left navigation menu, select the User Role tab.
Clear the checkbox labeled GUI.
Click Save.