Qualys VMDR integration
Centraleyezer talks to the Qualys API on your subscription’s POD (US, EU, India, Canada, UK or Australia), pulls the full host-detection list and enriches every QID with Knowledge Base data — title, threat, solution, CVE and CVSS. Classic Qualys CSV reports are supported as a file upload too.
Scan types imported
- Network & host vulnerability detections
- Knowledge Base enrichment (threat, solution, CVE, CVSS)
- TLS certificate inventory
File import
Upload a Qualys vulnerability scan report exported as CSV. The template skips the 7-line Qualys report preamble and reads the standard column layout.
What Centraleyezer expects in the file
- Columns: IP, Title, Port, Protocol, Result, CVE ID, Threat, Solution, Severity, Impact.
- The Qualys 1–5 severity scale drives risk scoring; Threat becomes the description and Solution the recommendation.
- Assets are matched by the IP column.
API connection
Configure your POD’s API hostname and a Qualys API user. On every run Centraleyezer downloads the current host detections (informational QIDs excluded), enriches them from the Knowledge Base in one batch, and imports the findings.
Configuration
Where to get the credentials
Create or use a Qualys account with the "API access" permission (Users → user → allow API access). Find your POD’s API URL under Help → About in the Qualys UI ("Qualys API server URL").
What gets imported on every run
- Every active host detection: QID, title, severity (1–5), CVE, CVSS, port, protocol and the detection results text.
- Knowledge Base enrichment per QID: threat description, solution and CVSS metadata.
- IP assets are auto-created and auto-closed when hosts drop out of later detection lists.
- TLS certificate inventory from the certificate QIDs.
How imported findings are risk-scored
Every Qualys VMDR finding is normalised into Centraleyezer’s risk model on import: the scanner’s native severity scale maps to a configurable DREAD vector (Damage, Reproducibility, Exploitability, Affected users, Discoverability), which combines with asset criticality, network exposure, exploitability intelligence and the platform’s other risk factors to produce one comparable risk score across every scanner you run. CVE, CVSS and CWE metadata are preserved on the finding for reference and reporting, and duplicate findings from repeated imports are automatically correlated instead of creating noise.