Please let me know, can we integrate Qualys policy controls and pc results to archer? Is there any document available for Qualys Policy compliance integration with Archer.
The short answer to your question is yes. The long answer is that from the Qualys side we provide multiple ways to extract compliance data. 1. Using the reports 2. Using the APIs (Posture API). The APIs are well documented and I have linked them below. See chapter 7. Each Control in Qualys Policy Compliance has a unique CID which can be used as the basis for mapping to checks or other references in Archer.
I hope this helps.
Thanks for your response..
Please suggest on below mentioned points it will be very helpful:
Using the Posture API the details like Evidence information and Control Descriptions are not getting fetched.Is there any other way around to bring whole Control information and evidence details? If we bring the control details how to map it to policies in Archer ?
How to use PC reports to automate the Compliance Management module in Archer?
Ensure you are using the option "details=All" in the API call. This should fetch the control descriptions and evidence information.
Note that evidence information is not available in the CSV format.
If you want to use the PC reports then you would probably need to schedule the reports and push them to a share somewhere and then have the Archer data feed manager consume them.
By using curl we can fetch posture information for only one policy at a time. Is there any way we can fetch posture information for all policies at a time.
Retrieving data ...