1. Censys
  2. Censys Attack Surface Management
  3. Security Integrations

Other Articles In This Section

In this article:

Censys ASM Qualys Integration

  • Updated

This integration queries the Censys ASM platform’s logbook API and feeds newly found hosts into Qualys' vulnerability management tool. It also provides a list of hosts that are no longer found to be part of an organization’s attack surface, which can be used to exclude IPs from the Qualys Vulnerability Management scanner.

 

Installation Considerations

The Censys Qualys integration is packaged to run in a Docker container, which can be deployed on a variety of infrastructure types. Container management is at the discretion of the user.

This integration works with the Qualys VMDR tool.


Set up the Censys Qualys Integration

To set up the Censys integration, you must:

  1. Create a settings.yaml file in the repo

  2. Build the docker container

  3. Run the application

Create a settings file

To create the settings file, open the settings_example.yaml file in the repo and fill in the fields with the required information:

 

Authentication

In the authentication section, provide a value for the asm_api_key field by pasting your API key found here.

authentication.png
Figure 1. Censys ASM platform authentication information

 

Run

In the run section of the settings file, provide values for the following fields:

  • interval - An interval for the command in minutes. Default is 120.

  • startup - A boolean for whether to run the command immediately on startup (true) or wait the interval prescribed in interval (false).

Other Options

  • idFrom - The Censys logbook event ID to begin pulling events from at startup. Logbook event IDs increase sequentially from 1. If empty, all events will be pulled on initial startup.

  • trialMode - A boolean for whether to restrict the number of hosts to 20 so as not to exceed the Qualys trail limit.

  • addHosts - A boolean for whether to add hosts to your Qualys VM scanning queue that Censys has associated to your attack surface.

  • excludeHosts - A boolean for whether to exclude hosts from VM scanning that Censys has disassociated from your attack surface.

run.png
Figure 3. Censys ASM platform run information


Qualys

In the qualys section, provide values for the following fields:

  • qualys_api_url: The API URL for your Qualys platform.

  • qualys_username: Your Qualys username.

  • qualys_password: Your Qualys password.

qualys.png
Figure 4. Qualys information


Save Your File

After you’ve provided values for all of the fields in settings_example.yaml, save the file as settings.yaml.

Build the docker container

Run the following command on your terminal:

./censys-qualys.sh build

Run the docker container

Run the following command:

./censys-qualys.sh run

If you want to test the integration with a single run, use the following command:

./censys-qualys.sh once

 

Results in Qualys

After the integration begins sending Censys logbook events to Qualys, hosts discovered by Censys will be fed into Qualys' vulnerability management system for scanning and monitoring.

hosts-in-qualys.png
Figure 5. View hosts in Qualys

Related articles

Comments

0 comments

Article is closed for comments.