Prisma Cloud: Unable to find Findings after Qualys Integration

• Qualys is integrated with Prisma Cloud by following the steps outline in the documentation. Although, the integration was successful, you can not see the data from Qualys when running the following RQL’s:

config from cloud.resource where finding.type = 'Host Vulnerability'

network from vpc.flow_record where dest.resource IN ( resource where finding.type = 'Host Vulnerability' )

• Prisma Cloud Enterprise Edition (SaaS)
• Qualys Integration

• When resource is part of [COMPUTE] and had findings , we will not display findings from external Findings such as Tenable , Qualys , AWS Inspector. Only compute findings are returned. In asset sidecar customer will see only Compute vulnerabilities ( as we are giving precedence to our in-house Compute system ). 

• When the source is only [CSPM] for a given resource , UAI makes API call to external_findings to get the vulnerabilities

• When the source is only [COMPUTE] for a given resource , UAI makes API call to compute to get the vulnerabilities

• When the source is shared[CSPM],[COMPUTE] for a given resource , UAI makes API call to compute to get the vulnerabilities.

1. If RQL such as “config from cloud.resource where finding.source = ‘<finding source>’ 
   (where external finding source can be Qualys , AWS Inspector, Tenable) is not showing any vulnerabilities.
2. Check if “config from cloud.resource where finding.Type = 'Host Vulnerability’ “ is returning results. 
3. If yes, check if resource is part of compute.

View our documentation here on Qualys integration.