Qualys MCP Server

v2.15.0

An unofficial, lightweight MCP server connecting AI assistants (Claude, etc.) to Qualys security data via the Model Context Protocol. 35 tools, pure Python, zero config beyond credentials.

What Problems Does It Solve?

Security teams spend hours clicking through dashboards, copying data between tabs, and manually correlating findings across Qualys modules. Investigating a single CVE can mean navigating the KnowledgeBase, checking threat intelligence tags, looking up affected assets, and reviewing cloud posture — all in separate interfaces.

Qualys MCP Server eliminates that friction. Instead of navigating GUIs, security practitioners ask questions in plain English and get structured, actionable answers in seconds. The server handles the API calls, data correlation, and result formatting automatically.

Who Is It For?

• Security analysts who triage vulnerabilities and need fast CVE lookups with threat context
• SOC teams investigating incidents who need to correlate asset data with detection events
• Vulnerability managers tracking patch coverage, tech debt, and remediation progress
• CISOs and security leaders who want conversational access to security posture metrics without learning Qualys query syntax

Key Features

Quick Install

Add the following to your Claude Desktop configuration file (claude_desktop_config.json):

{
  "mcpServers": {
    "qualys": {
      "command": "uvx",
      "args": ["qualys-mcp"],
      "env": {
        "QUALYS_USERNAME": "your-username",
        "QUALYS_PASSWORD": "your-password",
        "QUALYS_POD": "US2"
      }
    }
  }
}

That's it — no build step, no Docker, no database. See the installation guide for platform-specific paths and all available environment variables.