Skip to main content

Integrating with Qualys VMDR – Full Guide

Step-by-step guide to integrating Qualys VMDR with Hyver and leveraging its findings for risk analysis.

Updated this week

1. Introduction

Qualys VMDR (Vulnerability Management, Detection, and Response) enables organizations to identify vulnerabilities across their entire networked environment, including servers, network devices, peripherals, and workstations. For example, it can detect outdated operating systems on critical servers, unpatched network devices, or misconfigured access settings on employee workstations before they become exploitable risks.

File:Logo-Qualys.svg - Wikimedia Commons

Integrating Qualys VMDR with Hyver allows you to:

  • Automatically ingest and import assets, along with their associated findings, directly from Qualys VMDR.

  • Detect misconfigurations related to trust, permissions, and access levels.

  • Gain a unified view of vulnerabilities across your IT environment to better prioritize and address security risks.

Hyver retrieves data from Qualys VMDR but does not modify or update any information within Qualys.

For more details about Qualys VMDR, visit the Qualys website.

2. Prerequisites

Before setting up the Qualys VMDR integration in Hyver, make sure you have the following:

  • Qualys account credentials

    • A valid username and password for the Qualys platform.

    • The Qualys user account must be assigned the Reader role for the integration to function properly.

  • Qualys platform ID – Required for establishing the connection. The platform ID tells Hyver which Qualys environment (US, EU, etc.) your account belongs to. You can find it in the URL you use to log in to Qualys or in your API endpoint (for example: qualysapi.qualys.com for US1, or qualysapi.qualys.eu for EU1). If you’re unsure, contact Qualys Support to confirm your platform.

  • Hyver permissions – You must be a Hyver administrator to add this integration.

  • Qualys user - The user used for the integration needs to have permissions for viewing certificates.

For detailed guidance on account roles and permissions in Qualys, refer to the Qualys Help documentation.

Required IP Addresses

For the integration to work smoothly, you may need to allow traffic from Hyver’s servers in your firewall or network configuration. This ensures that Hyver can securely connect to your environment and perform scans without being blocked.

Depending on your region and the type of scan, add the following IP addresses:

  • General IPs:

    • Europe18.198.79.197

    • America52.1.10.176, 35.171.70.87

  • IPs for Azure and AWS Scans:

    • Europe18.158.77.90

    • America34.206.252.13

In most cases, you only need to add the IPs relevant to your region and use case.

Multi-Company Dashboard and Integrations

To enable Multi-Company, contact your CYE Technical Account Manager or Technical Support.

Creating the Integration

Before Qualys VMDR findings can appear in Hyver, you first need to create the integration and authenticate with the Qualys platform.

Reminder: Hyver does not modify or update any information in Qualys—it only retrieves data for analysis.

The process involves two main parts:

  1. Configuring the integration in Hyver – Setting up the connection and authentication.

  2. Preparing Qualys – Ensuring the correct settings and permissions are in place on the Qualys side to allow data retrieval.

In the next steps, we’ll guide you through both the Hyver setup and the necessary Qualys-side configurations to ensure a smooth and secure integration.

3. Configuring on the Qualys Side

Before starting the integration in Hyver, take a moment to review your Qualys settings. This quick check will help ensure the connection works smoothly.

User Role and Permissions in Qualys

  1. In Qualys, locate your integration user.

  2. Click the small arrow next to the username to open the Edit User screen:

  3. Go to the Permissions tab.

  4. In the User Role drop-down, select Reader:

  5. Just below the role field, make sure the API checkbox is selected:

    • This permission allows Hyver to retrieve data via the Qualys API and is required for the integration to function.

    • The other checkboxes are optional.

Qualys API Credentials

After creating the Qualys user for the integration, log in to the Qualys platform with that account to confirm it is active and working. Make sure the user has access to the Asset Groups you want to import into Hyver. Without this access, Hyver cannot retrieve the relevant assets or their findings.

Completing these steps ensures Hyver can securely connect to Qualys and pull in the necessary data without issues.

After creating or editing the user, make sure it can access the asset groups you want to ingest into Hyver. To verify, log in to Qualys with the new account and confirm that the login works and the relevant assets are visible.

4. Configuring in Hyver

  1. Click Settings > Integrations and select Add integration on the Qualys VMDR tile:

  2. Add a name for this integration:

  3. Entering Your Qualys Login Details
    When prompted in Hyver, enter the username and password you normally use to sign in to the Qualys platform:

    Reminder: Your Qualys account must have the Reader role to complete the integration. This role allows Hyver to securely access and retrieve the necessary data from Qualys.

  4. Selecting the Qualys Platform
    In Hyver, select your Qualys platform from the dropdown list:

    To identify the correct platform:

    • Check the platform identifier in your Qualys username.

    • If you are unsure of your platform identifier, contact the Qualys Support team for assistance.

    Choosing the correct platform ensures Hyver can connect to the right Qualys environment and retrieve your data successfully:

  5. Validate the connection and the entered credentials by clicking Verify connection:

  6. Saving the Integration

    • If the test is successful:
      Complete the setup and click Save in the bottom-right corner of the screen.

    • If the test fails:
      Verify your network connectivity and/or Qualys credentials, then try the test again.

What Happens After Saving?

Once you save the integration details:

  1. Data synchronization begins – Hyver connects to Qualys and retrieves the latest data.

  2. Findings are imported – Vulnerabilities and related information are populated in Hyver.

  3. An engagement is created – A new engagement named “Integrations with external tools” appears in Hyver.

Integration Output in Hyver

Once the Qualys VMDR integration is successfully completed, Hyver automatically creates a new technology asset with the following details:

  • Asset type: VM (Vulnerability Management)

  • Technology name: Qualys VMDR

  • Engagement: Integration with external tools

This technology asset is automatically mapped to the NIST Cybersecurity Framework (CSF):

In Hyver, technologies represent assets—such as security tools—that can improve the maturity score of specific NIST subcategories. These technologies are factored into the maturity level calculation, helping you measure and track how security investments strengthen your overall cybersecurity posture.

Example: If Qualys VMDR is mapped to the “Vulnerability Management” subcategory under the Protect function, its presence can increase your maturity score in that area, reflecting the tool’s role in reducing your exposure to unpatched vulnerabilities.

5. Viewing Results

Viewing the Findings

  1. Go to the Findings page in Hyver.

  2. Use the Sources filter to display only findings from Qualys.

    • If you have multiple Qualys integrations, the filter will include findings from all connected Qualys instances.

Collected Endpoints

Collected endpoints are the specific data sources that Hyver retrieves from Qualys through the integration. They represent the types of information made available for analysis, mapping, and risk assessment inside Hyver.

For the Qualys VMDR integration, Hyver collects data from the following endpoints:

  • Host asset – Information about the machines (servers, workstations, devices) managed in Qualys.

  • Certificate view – Details about SSL/TLS certificates, including validity and trust level.

  • Host list detection – A list of vulnerabilities or issues detected on hosts during scans.

  • Scan data – Results from vulnerability scans, showing which assets were checked and what was found.

  • Scheduled scan – Information about scans that are planned or recurring in Qualys.

  • Server instances – Data about the servers monitored, including configurations and roles.

  • Users – Information about Qualys user accounts, including their roles and permissions.

By collecting these endpoints, Hyver can build a comprehensive picture of your environment, map vulnerabilities to business risk, and ensure findings are continuously updated.

6. Types of Fetched Entities

Qualys Findings in Hyver

Findings created in Hyver from the Qualys VMDR integration are based on:

  • Configuration-based insights – such as misconfigurations related to trust, permissions, or access levels.

  • Usage-based insights – vulnerability data and activity patterns detected by the Qualys VMDR solution.

Findings statuses in Hyver:

  • Fixed in Hyver means Fixed in Qualys.

    • In case the status came automatically from Qualys, we will add an indication of verified.

  • When an asset was scrapped from Qualys, it appears as "Not relevant" in Hyver.

    • Remediation asset appears as “Not relevant“ in Hyver if the corresponding asset was deleted from Qualys, can’t be scanned by Qualys for a long time or was physically removed.

How Findings Are Used in Hyver

  • Each finding is linked to relevant NIST subcategories.

  • Findings impact the exposure value, and contribute to the Hyver Maturity assessment, impacting your maturity scores.

Examples of Findings from Qualys

Findings imported from Qualys VMDR into Hyver may include:

  • Scans are not conducted regularly.

  • Unfinished scans.

  • Long periods between host scans.

  • Previously detected vulnerabilities were not remediated.

  • User accounts configured but unused for a significant period.

  • Use of untrusted server certificates.

  • Strict Transport Security (STS) is not enforced.

Hyver also maps Qualys CVEs and aggregates them into broader findings, such as:

  • Usage of Outdated and Vulnerable Technologies

Other Related Findings in Hyver

In addition to direct Qualys findings, Hyver may identify related risks, including:

  • Usage of outdated and vulnerable protocols.

  • Weak authentication over insecure channels.

  • Interfaces protected by default credentials.

  • Anonymous access to sensitive interfaces.

  • FTP servers accessible anonymously.

Sync Frequency: The Qualys integration automatically syncs every 24 hours, ensuring that findings and related remediation assets remain up to date in Hyver.

7. Deleting the Integration

Deleting an Integration

  1. Click Delete Integration.

  2. Confirm that you want to delete the integration.

When you delete an integration in Hyver:

  • The connection to Qualys is terminated immediately.

  • No new data from the deleted integration will be ingested or processed.

  • Any data already imported into Hyver is retained and remains available for analysis.

Editing an Integration

  1. Click Edit Integration.

  2. Make the required changes.

  3. Click Save to apply the updates.

Wrap-up

In this guide, we explored how to connect Qualys VMDR to Hyver, reviewed the prerequisites, and walked through the setup process. We also examined how Qualys findings are imported, mapped, and used in Hyver to enhance visibility, strengthen maturity scores, and support effective remediation planning.

Related Articles
Hyver Integrations Overview
Integrating with WIZ – Full Guide
Integrating with Rapid7 InsightVM – Full Guide
Integrating with Tenable Vulnerability Management – Full Guide
Integrating with Crowdstrike Falcon – Full Guide
Did this answer your question?