
Setup Integration from Qualys

Qualys VMDR Integration Guide 

Integrate Qualys Vulnerability Management, Detection and Response (VMDR)

This Qualys VMDR integration is a cloud-based service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously identify threats and monitor unexpected changes in your network before they turn into breaches.

The Qualys VMDR integration uses REST API mode to collect data. Elastic Agent fetches data via API endpoints.

Compatibility

This module has been tested against the latest Qualys VMDR version v2.

Data streams

The Qualys VMDR integration collects data for the following three event types:

  • Asset Host Detection
  • Knowledge Base
  • User Activity Log

Starting from Qualys VMDR integration version 6.0, the Asset Host Detection data stream includes enriched vulnerabilities data from Qualys Knowledge Base API.

Requirements

  • Elastic Agent must be installed.
  • You can install only one Elastic Agent per host.
  • Elastic Agent is required to stream data through the REST API and ship the data to Elastic, where the events will then be processed via the integration's ingest pipelines.
Agentless Enabled Integration

Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to Agentless integrations and the Agentless integrations FAQ. Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.

Installing and managing an Elastic Agent:

You have a few options for installing and managing an Elastic Agent:

Install a Fleet-managed Elastic Agent (recommended):

With this approach, you install Elastic Agent and use Fleet in Kibana to define, configure, and manage your agents in a central location. We recommend using Fleet management because it makes the management and upgrade of your agents considerably easier.

Install Elastic Agent in standalone mode (advanced users):

With this approach, you install Elastic Agent and manually configure the agent locally on the system where it’s installed. You are responsible for managing and upgrading the agents. This approach is reserved for advanced users only.

Install Elastic Agent in a containerized environment:

You can run Elastic Agent inside a container, either with Fleet Server or standalone. Docker images for all versions of Elastic Agent are available from the Elastic Docker registry, and we provide deployment manifests for running on Kubernetes.

Elastic Agent has some minimum requirements; for more information, refer to the link here.

Description:

Integrate Qualys Vulnerability Management, Detection and Response (VMDR) with the Elastic Stack via REST API to ingest vulnerability, asset, and detection data directly into Elasticsearch for centralized security monitoring, visualization, and analysis.

What It Does:

  • Connects to Qualys VMDR using the REST API
  • Fetches vulnerability data, asset inventory, and host-level detections
  • Enables structured indexing, Kibana dashboards, and Elastic SIEM correlation
  • Supports both manual script-based integration and automated Elastic Agent setup

Credentials & API Access Setup

Before configuring the integration, you'll need to prepare your API credentials in Qualys.

Option 1: API-Based Script Integration

Description:

Use Qualys' REST API with a custom script (e.g., Python) to pull data and send it to Elasticsearch.

What It Does:

  • Fetches Qualys scan results, vulnerabilities, and asset data on demand
  • Allows you to customize scheduling, parsing, and indexing behavior
  • Works with any self-managed Elastic cluster or Elastic Cloud deployment

Steps:

Prepare API Access:

    1. Log in to the Qualys Admin Portal.

    2. Go to User Management.

    3. Create or select a dedicated API user with:

      • API Access permission

      • Access to:

        • VMDR Module

        • Host Detection

        • Asset Inventory

        • Knowledge Base

        • User Activity Log (if required)

    4. Save the username and password for authentication

Call the API:

 

GET https://qualysapi.qualys.com/api/2.0/fo/asset/host/vm/detection/

 

Use Basic Authentication with your API user credentials.

Python Example Script:

 

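import os
import requests
from requests.auth import HTTPBasicAuth

# Read the API user's credentials from the environment instead of hardcoding them
# (the variable names QUALYS_USER and QUALYS_PASSWORD are an assumption).
auth = HTTPBasicAuth(os.environ["QUALYS_USER"], os.environ["QUALYS_PASSWORD"])

# Pull host detections. Qualys expects the X-Requested-With header and action=list.
response = requests.get(
    "https://qualysapi.qualys.com/api/2.0/fo/asset/host/vm/detection/",
    params={"action": "list"},
    auth=auth,
    headers={"X-Requested-With": "curl"},
    timeout=300,
)
response.raise_for_status()  # stop on auth or API errors instead of indexing an error body

# Index the raw XML response as a single document.
data = {"raw_data": response.text}

# Placeholder URL from this guide; point it at your cluster (HTTPS with credentials).
es_response = requests.post(
    "http://<elasticsearch>:9200/qualys-vulns/_doc",
    json=data,  # sets Content-Type: application/json
    timeout=60,
)
es_response.raise_for_status()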
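The script above stores the whole response as one raw_data string, which cannot be filtered by host, QID or severity. The following added example (not part of the original guide) splits a host detection response into one document per host and QID and builds an Elasticsearch _bulk body with deterministic IDs. The XML element names, the WARNING/URL truncation marker and the sample data are assumptions based on the Qualys host detection output format; the function names are hypothetical.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample shaped like a host detection list response (not real scan data).
SAMPLE_XML = """<HOST_LIST_VM_DETECTION_OUTPUT><RESPONSE>
<HOST_LIST><HOST><ID>1001</ID><IP>10.0.0.5</IP><DNS>web01.example.test</DNS>
<DETECTION_LIST>
<DETECTION><QID>38170</QID><TYPE>Confirmed</TYPE><SEVERITY>2</SEVERITY>
<PORT>443</PORT><PROTOCOL>tcp</PROTOCOL><STATUS>Active</STATUS></DETECTION>
<DETECTION><QID>105459</QID><TYPE>Confirmed</TYPE><SEVERITY>5</SEVERITY>
<STATUS>Fixed</STATUS></DETECTION>
</DETECTION_LIST></HOST></HOST_LIST>
<WARNING><CODE>1980</CODE><TEXT>record limit exceeded</TEXT>
<URL>https://qualysapi.qualys.com/api/2.0/fo/asset/host/vm/detection/?action=list&amp;id_min=1002</URL>
</WARNING></RESPONSE></HOST_LIST_VM_DETECTION_OUTPUT>"""


def parse_detections(xml_text):
    """Return (documents, next_url): one dict per host/QID pair plus the next-batch URL."""
    root = ET.fromstring(xml_text)
    docs = []
    for host in root.iter("HOST"):
        for det in host.iter("DETECTION"):
            docs.append({
                "host_id": host.findtext("ID"),
                "ip": host.findtext("IP"),
                "dns": host.findtext("DNS"),
                "qid": int(det.findtext("QID")),
                "severity": int(det.findtext("SEVERITY")),
                "status": det.findtext("STATUS"),
                "port": det.findtext("PORT"),  # None for host-level findings
                "protocol": det.findtext("PROTOCOL"),
            })
    # A WARNING/URL element means the output was truncated; fetch that URL next.
    next_url = root.findtext("./RESPONSE/WARNING/URL")
    return docs, next_url


def to_bulk(docs, index="qualys-vulns"):
    """Build an Elasticsearch _bulk body with deterministic IDs so re-runs overwrite."""
    lines = []
    for d in docs:
        doc_id = f"{d['host_id']}-{d['qid']}-{d['port'] or 0}-{d['protocol'] or 'none'}"
        lines.append(json.dumps({"index": {"_index": index, "_id": doc_id}}))
        lines.append(json.dumps(d))
    return "\n".join(lines) + "\n"
```

Send the returned body to the _bulk endpoint with Content-Type application/x-ndjson, and keep requesting next_url until it comes back as None.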

 

Option 2: Elastic Agent – Qualys VMDR Integration (REST API)

Description:

Use Elastic Agent’s built-in Qualys VMDR integration to automatically fetch vulnerability and asset data via the REST API and ingest it directly into Elasticsearch.

What It Does:

  • Connects to Qualys VMDR using a dedicated API user
  • Fetches data streams like detections, vulnerabilities, and host asset inventory
  • Provides ready-made Kibana dashboards and works with Elastic Security rules
  • Fully managed through Fleet UI in Elastic Cloud or self-managed Elastic Stack
Steps:

Enable API Access in Qualys:

  • Ensure a Qualys API user exists

  • Grant the following:

    • API Access

    • Access to VMDR, Host, Detection, and Inventory modules as needed

  • Take note of:

    • Username

    • Password

    • Your Qualys Platform API URL: check via Qualys Platform Identification, or log in to Qualys and go to Help > About to see “Security Operations Center (SOC)” for your URL.

Install Elastic Agent:

  • Install Elastic Agent on your server, endpoint, or VM

  • Enroll it into Fleet via Kibana or Elastic Cloud

Integration Configuration

  • Add the Qualys VMDR Integration in Kibana:

      1. Go to Kibana → Management → Integrations

      2. Search for “Qualys VMDR” and click Add Integration

      3. Enter:

        • API Server URL (e.g., https://qualysapi.qualys.com)

        • API Username

        • API Password

        • Optional: page size or polling interval

    Choose Data Streams to Collect:

    • vulnerability

    • detection

    • host

    • asset_inventory (if supported)

    Save the Integration Policy:

    • Attach the policy to an Elastic Agent

    • Agent will start fetching and shipping data automatically


    What Happens Next

    When you run your custom script (Option 1):
    → Data is pulled from Qualys via REST API and posted to a target Elasticsearch index
    → You control the fetch frequency, field mappings, and transformation logic
    → Dashboards must be manually built or customized in Kibana

    When you enable Elastic Agent integration (Option 2):
    → Agent continuously pulls vulnerability and detection data from Qualys
    → Prebuilt dashboards populate in Kibana
    → Vulnerabilities can be used in SIEM detection rules or custom queries

    Integration Requirements Overview

    Component | Required for Option 1 (Script) | Required for Option 2 (Elastic Agent) | Purpose
    Qualys API User | Yes | Yes | Authenticates to Qualys for REST API access
    VMDR Module Access | Yes | Yes | Needed to access host, detection, and vulnerability data
    Role-Based Access Control (RBAC) | Yes | Yes | Ensures the API user only accesses required modules
    Custom Script | Yes | No | Required only for manual API integration
    Elastic Agent | No | Yes | Required for Fleet-managed automatic integration
    Kibana Access | Yes | Yes | Used to view dashboards and run security queries

    Permissions

    Asset Host Detection

    Role | Permission
    Managers | All VM scanned hosts in subscription
    Unit Managers | VM scanned hosts in user’s business unit
    Scanners | VM scanned hosts in user’s account
    Readers | VM scanned hosts in user’s account

    Knowledge Base

    Managers, Unit Managers, Scanners, and Readers have permission to download vulnerability data from the KnowledgeBase.

    User Activity Log

    Role | Permission
    Managers | All actions taken by all users
    Unit Managers | Actions taken by users in their business unit
    Scanners | Own actions only
    Readers | Own actions only

    Setup

    To collect data through the REST API, follow these steps:
    • Assuming you already have a Qualys user account, identify your Qualys platform and get the API URL via Qualys Platform Identification.
    • Alternatively, log in to your Qualys account and go to Help > About. You’ll find your URL under Security Operations Center (SOC).
    Enabling the integration in Elastic:
    1. In Kibana, go to Management > Integrations.

    2. In the search bar, type Qualys VMDR.

    3. Select Qualys VMDR from the search results.

    4. Click the Add Qualys VMDR Integration button to add the integration.

    Provide the following connection details based on the data you want to collect:

    Data Stream | Required Details
    Asset Host Detection | username, password, API URL, interval, input parameters, batch size
    Knowledge Base | username, password, API URL, initial interval, interval, input parameters
    User Activity Log | username, password, API URL, initial interval, interval

    5. Save the integration.

    Permissions Reference (API User)

    Data Stream | Role | Permission Scope
    Asset Host Detection | Managers, Unit Managers, Scanners, Readers | VM scanned hosts (depending on role scope)
    Knowledge Base | Managers, Unit Managers, Scanners, Readers | Can download vulnerability data
    User Activity Log | Managers, Unit Managers, Scanners, Readers | Can view user actions (own or others, depending on role)