We use the Consultant version of Qualysguard. For many of our clients, we operate essentially as an external auditor. Ideally, we would like to have a way to configure credentialed scans without actually having the client's login credentials known to us. Thycotic Secret Server provides the perfect solution to this problem, but Qualys only integrates with the Professional and Enterprise installed versions. Many of our clients are small or medium-sized businesses for whom this option is not cost-effective.
Secret Server has an online edition that is much more cost effective for this sort of engagement, and the folks at Thycotic say it does have a web-services API. However, Qualys does not integrate with this version.
Is is possible that Qualys could work with Thycotic to make this an option?
Watsec Cyber Risk Management