DeepSurface supports pulling vulnerability scan results from Qualys VMDR. To enable this integration we need to add Qualys VMDR as a third-party vulnerability scanning source. Results from Qualys VMDR can be imported to DeepSurface by connecting to the Qualys VMDR API or by manual file import. For API access you'll need the username and password of a Qualys Cloud Platform user with access to scan results for the hosts DeepSurface is scanning. For file import you'll need vulnerability scan results exported in XML format.
See Qualys documentation for more information Qualys API Qualys User Access Permissions
To ensure that analysis of the Qualys scan data is successful, please enable Agentless Tracking in your Qualys scanning settings. This will allow Qualys to place a unique UUID on each of the machines that it scans, which will appear in Qualys report data exports that the DeepSurface console can use to cross-reference for the most accurate analysis possible.
Collect the Qualys Cloud Platform username and password. This user needs the following permissions
In DeepSurface navigate to Project Settings > Vulnerability Scanners > Create (+)
Select Qualys VMDR API
Fill in
Collect a VMDR XML format report with scan results for hosts DeepSurface is scanning
In DeepSurface navigate to > Scanning > Settings > Vulnerability Scanners (+ Vulnerability Scanner)
Select Qualys VMDR Manual Imports
Select upload file
Browse to and select the VMDR report XML file Notes:
Click Finish when done