Skip to main content

Documentation Index

Fetch the complete documentation index at: https://help.dsalta.com/llms.txt

Use this file to discover all available pages before exploring further.

Overview

Qualys is an enterprise vulnerability management and compliance platform. DSALTA monitors vulnerability findings and SLA compliance.
Read-only access. DSALTA never modifies, creates, or deletes resources in your Qualys environment. All API access is strictly read-only.

Integration Details

PropertyValue
CategoryQualys
Data Library ModulesVulnerabilities
AuthenticationAPI key or OAuth — requires admin access
Sync FrequencyEvery 24 hours (manual sync available)
PermissionsRead-only

What Data DSALTA Collects

When you connect Qualys, DSALTA automatically collects the following data on every sync cycle:
  • Vulnerability scan findings
  • Finding severity and status
  • SLA tracking data
Every record includes the integration name as its source, a sync timestamp, and is treated identically to manually entered records by auditors.

Key Use Cases

  • Monitor user access to Qualys

How to Connect

1

Navigate to Integrations

Go to Settings → Integrations in your DSALTA dashboard and find Qualys in the catalog.
2

Review Permissions

Review the permissions DSALTA requires. All access is read-only. Click Connect.
3

Authenticate

Follow the on-screen instructions to authenticate with your Qualys account. Admin-level access is required for the initial setup.
4

Configure Scope

Select which accounts, projects, or resources DSALTA should monitor. You can adjust this later from the integration settings.
5

Initial Sync

DSALTA performs an initial data pull (typically 5–15 minutes). Automated compliance tests are generated immediately after sync completes.
After connecting, allow 15–20 minutes for the initial data sync. DSALTA may take up to 24 hours to fully evaluate all synced data and activate all relevant compliance tests.

Automated Compliance Tests

When you connect Qualys, DSALTA automatically generates the following compliance tests. Each test runs every 24 hours and produces pass/fail evidence for your auditor.
TestDescription
Vulnerability alerts should be resolved within SLAChecks that Qualys vulnerability alerts are resolved within the defined SLA.
Tests run automatically every 24 hours. Failed tests generate alerts and appear in your compliance dashboard with remediation guidance. All test results are stored as audit evidence with timestamps.

Compliance Frameworks

This integration provides evidence for the following compliance frameworks:

SOC 2

Access controls, monitoring, and change management evidence.

ISO 27001

Asset management, access control, and operations security evidence.

GDPR

Access records and data processing evidence.

Troubleshooting

Re-authenticate by going to Settings → Integrations → Qualys and clicking Reconnect. This usually happens when API tokens expire or permissions change.
Verify that the connected account still has the required admin permissions. Try a manual sync from the integration settings page. If the issue persists, check your Qualys API rate limits.
Tests generate after the first successful data sync. If sync completed but tests are missing, ensure the relevant features are configured in Qualys (e.g., GuardDuty must be enabled in AWS for GuardDuty tests to appear).
DSALTA syncs all users visible to the connected admin account. If users are missing, verify they are within the scope you configured during setup. Suspended or deleted accounts may not appear.