Shared Assets and WAS/WAF integration

Document created by Steve McBride on Mar 16, 2015Last modified by Rémi Le Mer on Oct 9, 2019
Version 3Show Document
  • View in full screen mode

WAS and WAF have a common licensing unit: Web Applications.


Qualys AssetView is the corner-stone of the WAF integration with WAS. Indeed, in order to cooperate, Qualys WAS and WAF modules need to share a common understanding of the Web Application they monitor, whether for assessment or protection purposes. In order to achieve that, AssetView fully considers Web Applications as a dedicated, dematerialized type of asset, as opposed to Host and Scanners.


Using shared assets, Web Application can be provisioned on both modules (thus consuming #1 app on each module's license). Using the AssetView module, Web Applications can very easily be parsed and then shared between WAS and WAF modules too. Using shared assets, provisioning of WAS and WAF modules on an application and then configuring that application for either scanning or proxying can be made very simple.


Log into the Qualys Portal and navigate to the Asset Management module, and there will be a list of all applications configured within an account:


inline image 1.png


From here, choose “Provision Modules” from the drop down list:


inline image 2.png


Simply by using the toggle switches on the right, WAS and/or WAF modules can be provisioned on an application:


inline image 3.png


In most cases, additional details will be required. These details can be entered directly from this screen by clicking the “Edit” link on the module in question.  Once enabled through Asset Management, the application can be scanned via WAS or protected via WAF normally, without additional configuration necessary on the application itself.