Hello all,
We use the Consultant version of QualysGuard. For many of our clients, we operate essentially as an external auditor. Ideally, we would like to have a way to configure credentialed scans without actually having the client's login credentials known to us. Thycotic Secret Server provides the perfect solution to this problem, but Qualys only integrates with the Professional and Enterprise installed versions. Many of our clients are small or medium-sized businesses for whom this option is not cost-effective.
Secret Server has an online edition that is much more cost effective for this sort of engagement, and the folks at Thycotic say it does have a web-services API. However, Qualys does not integrate with this version.
Is it possible that Qualys could work with Thycotic to make this an option?
Dennis Houseknecht
Watsec Cyber Risk Management
Hi Dennis,
I have been chatting to John Haberland at Qualys about your question. Qualys would have to change their integration with Thycotic Secret Server to support our online edition due to our slightly different authentication on that service (an additional field called organization code is required). This is probably the wrong approach - a better approach is to wait for our new version of the online edition which will have more of the Professional and Enterprise Edition capabilities (such as AD Synchronization, Heartbeat and Remote Password Changing) - stay posted for this release which will come in the next few months. This new version will also just work with QualysGuard out of the box.
Please drop me a note with your contact details and I will connect you with our Product Manager for Thycotic Secret Server so you are notified as soon as this new version is available.
Best regards,
Jonathan