Configure the Vault

To use Secret Server, an administrator must configure it as a Vault within Qualys by specifying a URL and credentials to access the on-premises Secret Service instance.

Instead of adding user name and password credentials for use in trusted scans, the administrator can point to named records stored in Secret Server. Qualys will retrieve the credentials from Secret Server at scan time for trusted scans.

Add New Authentication Vault in Qualys

1. Go to the Scan and select the Authentication tab.

2. Select Authentication Vaults from the new dropdown list.

3. Select Delinea Secret Server from the list.

4. Enter the following access information for your Secret Server site:

   • URL: This is the URL for Secret Server web services. Ensure web services are enabled in your Secret Server instance by selecting the Configuration option from the Administration menu and enabling web services.
   • Add /sswebservices/sswebservice.asmx to your Secret Server URL to obtain the URL for the web services: https://yoursecretserver/secretserver/webservices/sswebservice.asmx.

   If you do not have SSL enabled, web services can still be accessed via http but it is not advisable for production systems. The vault is accessed from the scan agent, so the Secret Server website must be reachable from the Qualys scanner appliance – not the Qualys cloud instance.

   • User Name: The user account for accessing Secret Server. This can either be a local Secret Server account or an Active Directory account. User accounts can be created in Secret Server from the Users section of the Administration menu. This user account should be an application account.

5. Go to Advanced, and select the Application Accountcheckbox.

6. Select Save.