As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Current »

For general information & instructions on the use of Remote Providers within ThreadFix, please refer to this page's parent page: Remote Providers. For information on REST API functionality for Remote Providers, please refer to the following: Remote Providers API.

Introduction

Qualys Cloud Platform gives you a continuous, always-on assessment of your global security and compliance posture, with 2-second visibility across all your IT assets, wherever they reside.

User Account Requirements

The Qualys account used for the ThreadFix integration must have the WAS module enabled and have “API Access” Access Permission. To retrieve vulnerability data, the user must also have at least one the following roles:

  • Manager

  • Unit Manager

  • Scanner

  • Reader

API Endpoints Used by ThreadFix

Here are the API calls ThreadFix makes to import Qualys scans:

Search scans (POST)

  • URL: /qps/rest/3.0/search/was/wasscan

Retrieve the results of a scan (GET)

  • URL: /qps/rest/3.0/download/was/wasscan/<scanid>

Search web applications (POST)

  • URL: /qps/rest/3,0/search/was/webapp

List Vulnerabilities (POST)

  • URL: /api/2.0/fo/knowledge_base/vuln

Table of Contents

  • No labels

[www.threadfix.it] | [www.coalfire.com]
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.