Integrating Qualys Data with RSA Archer

Matthew Alderman

Last updated on: September 6, 2020

Is your organization using RSA Archer to manage your governance, risk and compliance program? Would you like to integrate vulnerability and configuration data from Qualys? RSA Archer integrates with both Qualys Vulnerability Management (VM) through the Qualys XML APIs.

Why RSA Archer?

RSA Archer is the leading enterprise governance, risk and compliance (GRC) solution. Qualys, Inc. is the leading provider of on-demand IT security risk and compliance management solutions — delivered as a service. Since Qualys and RSA Archer have a large number of joint customers, it was logical to integrate our solutions, allowing customers to maximize their investment in both solutions.

Vulnerability Management

Using the Qualys VM scanning infrastructure, vulnerability data can be collected for all enterprise assets in an automated and accurate manner. This integration automatically updates RSA Archer with asset vulnerability data to be used in remediation efforts.

RSA Archer’s integration leverages the Qualys XML API frameworks.

Integration Details

For full integration details with RSA Archer, please see Qualys / RSA Archer integration.

Show Comments (13)

Leave a Reply to Rick Engelhardt Cancel reply

Your email address will not be published. Required fields are marked *

  1. I have successfully integrated the Qualys VM results into Archer.  However, within the last quarter a Qualys change has taken place which effects the XML structure that is being sent into the Archer DataFeed Manager.  As a result, the xslt file that is included within the integration documentation is no longer properly parsing the data.  Any ideas on where I can obtain a copy of a current xslt file?

    1. Zack,

      The VM integration uses a scan report template.  I am unaware of any changes to the output of this report that might cause the translation within Archer to fail.  Do you have an idea which new element was added or removed?  I’ll continue to research on our side, but we have many customers using this integration and no one else has reported this issue.

    1. Hi Nimbus,

      Please let me know, can we integrate Qualys policy controls and pc results to archer? Is there any document available for Qualys Policy compliance integration with Archer.

      Thanks in advance
      Bharath Bhat

  2. I’m having issues which are similar to what zack is/was experiencing. We’ve built a scan template, being sure to include the appendix data, however when the scan is run, there is no appendix data. The appendix data does show up when the scan is run as a report though. any hints?

    thanks

    1. Jason,

      I just went through this last year/2years ago and there wasn’t much out there, or if it was it was quite dated and not 100% correct. I will say it looks like Qualys and Archer (RSA) have been working together on the new Archer VRM product which will take out alot of the manual steps and Curl Scripts and XML. I am guessing the new documentation is still in the works.

      I know the guy who built the new product at Archer was at Qualys then Archer and I believe back at Qualys so you might want to get in touch with him, I know we are going to here in a week or so.

  3. Hi all, I have 1 query regarding the Qualys Integration with Archer. Does the Score Card reports from Qualys guard will be also integrated to Archer? If yes can some help me what all the steps to be followed. Any help on this will be much appreciated.

  4. Hi All,

    As per API V2 document by using curl we can import the posture list to archer. But the details like Evidence, Extended Evidence and Control Summary are not retrievable. Please suggest.

    Please share if any documents available for How to integrate Qualys PC with Archer.

    1. Abhishek a long time ago Archer (before being purchased by RSA) had a “one-off” integration with Qualys. At some point RSA Archer no longer supported that integration and/or it was no longer downloadable by customers. If you ask your RSA Archer rep about a Qualys integration, they will probably tell you that it will have to be built custom by RSA Archer professional services at your company’s expense.

      Qualys has repeatedly asked RSA Archer to provide a COTS integration to Qualys, but it still hasn’t been built.