Getting Started

Get up and running with Qualys MCP Server v0.1.0 in under 5 minutes. Connect your AI assistant to Qualys security data and start asking questions in plain English.

Prerequisites

• A Qualys subscription with API access enabled
• Python 3.10+ or the uv package manager
• Claude Desktop or any MCP-compatible AI client

Quick Start

1. Install uv (if you don't have it already):

   brew install uv

   Or on Linux:

   curl -LsSf https://astral.sh/uv/install.sh | sh

2. Add to Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json):

   {
     "mcpServers": {
       "qualys": {
         "command": "uvx",
         "args": ["qualys-mcp"],
         "env": {
           "QUALYS_USERNAME": "your-username",
           "QUALYS_PASSWORD": "your-password",
           "QUALYS_POD": "US2"
         }
       }
     }
   }

3. Restart Claude Desktop to pick up the new configuration.
4. Ask a question! Try one of these:
   • "Give me a security overview for today"
   • "Investigate CVE-2024-3400"
   • "What's our overall risk?"
   • "Are we PCI compliant?"

The 7 Tools

Qualys MCP v0.1.0 exposes 7 workflow tools to your AI assistant:

1. investigate — CVE deep-dive, threat actors, asset investigation, EDR/FIM events, KB search
2. assess_risk — cross-domain risk: VMs, cloud, containers, web apps, certificates, assets
3. check_compliance — framework posture (PCI, HIPAA, CIS, NIST, SOC2), failing controls, risk acceptances
4. plan_remediation — patch priorities, deployment status, mitigation coverage, program gaps
5. security_overview — daily/weekly/monthly briefing, scanner health, scan status, ETM findings
6. reports — generate, list, download reports
7. cache_status — admin cache management

What's Next?