What Changed

The Qualys VM CCF connector has been updated to use Qualys VM API version 5.0, migrating from the previously used version 3.0. This change affects both the API endpoint URL and documentation references in the connector definition.

Security Impact (Visibility & Fidelity)

Critical timeline dependency: The Qualys VM API v3.0 will be deprecated in June 2025. Deployments that do not upgrade before the deprecation date will experience complete data ingestion failure for Qualys VM vulnerability data - creating a blind spot for vulnerability management visibility in Microsoft Sentinel.

The API version change itself maintains the same data schema and ingestion mechanism. No vulnerability detection data will be lost during the transition, but failure to deploy this update before June will result in zero vulnerability data flowing from Qualys VM into the Custom-QualysVM stream.

Connector Details

  • API Endpoint Updated: /api/3.0/fo/asset/host/vm/detection/ → /api/5.0/fo/asset/host/vm/detection/
  • Ingestion Stream: Custom-QualysVM (DCR-based)
  • Rate Limiting: Unchanged (1 QPS)
  • Authentication: No changes to credential requirements
  • Documentation: Updated Host Detection API reference links to v5.0

Affected Files

Solutions/QualysVM/Data Connectors/QualysVMHostLogs_ccp/QualysVMHostLogs_ConnectorDefinition.json
Solutions/QualysVM/Data Connectors/QualysVMHostLogs_ccp/QualysVMHostLogs_PollingConfig.json
(packaging artefacts: 3.0.8.zip, mainTemplate.json)