BlueApp for Qualys Actions

The BlueApp for Qualys provides a set of orchestration actions that you can use to identify threats and manage assets in your USM Anywhere environment. The following table lists the available actions from the BlueApp.

Actions for the BlueApp for Qualys
Action Description
Tag Asset Run this action to add a Qualys tag to an asset
Scan IP From Rule Run this action to scan a source or destination IP address from a rule
Single Asset Scan Run this action to scan a single asset from a vulnerability
Asset Discovery Qualys asset discovery feature
Collect Alert Run this action to collect alert from Qualys scan from an asset
Vm Single Asset Scan Run this action to scan a single asset for a vulnerability from a vulnerability
Vm Single Asset Scan Run this action to scan a single asset for a vulnerability from an asset
Scan Destination IP from Rule Run this action to scan a destination IP from a rule
Scan Source IP from Rule Run this action to scan a source IP from a rule
Remove Asset Tag Run this action to remove an asset tag from Qualys

To view information about these actions in USM Anywhere

  1. In USM Anywhere, go to Data Sources > BlueApps.
  2. Click the Available Apps tab.
  3. Search for the BlueApp, and then click the tile.
  4. Click the Actions tab to display information for the supported actions.
  5. Click the History tab to display information about the executed orchestration actions.

Launch Actions from Vulnerabilities

You can launch an action directly from vulnerabilities. If you want to apply an action to similar events that occur in the future, you can also create orchestration rules directly from the action applied to a vulnerability.

To launch a Qualys response action for an alarm or event

  1. Go to Activity > Vulnerabilities.
  2. Click the vulnerability to open the details.
  3. Click Select Action.

  4. In the Select Action dialog box, select Run Qualys Action.

  5. Select the app action and fill out the fields that are populated below.

  6. Click Run.

    After USM Anywhere initiates the action for the vulnerability, it displays a confirmation dialog box.

    If you want to create a rule to apply the action to similar items that occur in the future, click Create rule for similar vulnerabilities and define the new rule. If not, click OK.

Scan an Asset

You can scan a single asset with BlueApp for Qualys from either the Asset or Vulnerabilities pages.

Too run an asset scan from the Vulnerabilities Page

  1. Go to Environment > Assets.
  2. Complete one of these options to open the Select Scan Action dialog box:
    • Next to the asset name that you want to scan, click the icon, select Full Details, and then select Actions > Scan with BlueApp.
    • Next to the asset name that you want to scan, click the icon that you want to scan, and then select Scan with BlueApp.

    The Select Scan Action dialog box opens.

    Select Scan Action Dialog Box

  3. Click Run Qualys Select Scan Action.
  4. Select VM Single Asset Scan from the App Action dropdown menu and fill out the fields that are populated below

To run an asset scan from the Assets page

  1. Go to Environment > Assets.
  2. Click the icon next to the Asset and click Scan with BlueApp.
  3. Select VM Single Asset Scan from the App Action dropdown menu and fill out the fields that are populated below.

You can also run a Qualys asset scan by selecting Action > Scan with BlueApp on an asset's Full Asset Details page.